In a staggering turn of events, a cryptocurrency whale has become the victim of a massive phishing attack, resulting in the loss of millions of dollars in staked Ether (ETH) on the liquid staking provider Rocket Pool. The incident took place on September 6 and was first reported by PeckShield, a cryptocurrency security firm.
According to PeckShield’s report, the investor lost their entire address balance of Lido Staked ETH (stETH) and Rocket Pool ETH (rETH). The hacker managed to steal 9,579 stETH and 4,851 rETH in just two transactions. At the time of the attack, the stolen amount was valued at $15.5 million in stETH and $8.5 million in rETH, totaling a whopping $24 million.
The phisher didn’t stop there. They swiftly exchanged the stolen assets for 13,785 ETH and 1.64 million Dai (DAI). To make matters worse, a significant portion of the DAI was transferred to the fully automatic cryptocurrency exchange FixedFloat, according to PeckShield. This transfer indicates an attempt by the hacker to cash out and make the stolen funds even more difficult to trace.
Further investigations by SlowMist’s crypto tracking team, MistTrack, revealed that the remaining stolen funds were dispersed among three different addresses. MistTrack continues to monitor these addresses for any suspicious activity that could help identify the culprit behind the phishing attack.
It’s worth noting that the victim’s actions played a role in enabling the scammer’s access to their funds. By approving token allowances through “Increase Allowance” transactions, the victim unknowingly gave the scammer permission to spend their tokens. This feature, common in ERC-20 tokens, lets a third party, typically a smart contract, transfer tokens out of the owner’s address up to the approved amount, without any further signature from the owner. This incident highlights the risks associated with granting such permissions to anonymous developers who may deploy malicious smart contracts to scam unsuspecting users.
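The allowance mechanism described above can be checked before a transaction is signed. The following is an added example, not code from PeckShield, SlowMist or any wallet: it decodes ERC-20 `approve` and `increaseAllowance` calldata and lists warnings. The addresses, balance and allowlist are constructed placeholders, and 18 token decimals are assumed.

```python
# Selectors: first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
UNLIMITED = 2**256 - 1


def decode_allowance_call(calldata_hex):
    """Return (function, spender, amount) or None if not an allowance call."""
    data = calldata_hex.lower().removeprefix("0x")
    name = SELECTORS.get(data[:8])
    if name is None or len(data) != 8 + 2 * 64:  # selector + two 32-byte words
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:  # a 20-byte address is left-padded with zeros
        return None
    return name, "0x" + spender_word[24:], int(amount_word, 16)


def review(calldata_hex, balance, trusted_spenders):
    """List the reasons to stop and check before this call is signed."""
    decoded = decode_allowance_call(calldata_hex)
    if decoded is None:
        return []
    name, spender, amount = decoded
    warnings = []
    if spender not in trusted_spenders:
        warnings.append(f"{name}: spender {spender} is not on the allowlist")
    # For increaseAllowance the amount is added to any existing allowance,
    # so the resulting allowance is at least this large.
    if amount == UNLIMITED:
        warnings.append(f"{name}: unlimited allowance")
    elif amount >= balance:
        warnings.append(f"{name}: allowance covers the entire balance")
    return warnings


# Constructed sample data (not taken from the incident).
TRUSTED = {"0x" + "11" * 20}   # hypothetical allowlisted spender
UNKNOWN_SPENDER = "22" * 20    # hypothetical unknown contract
BALANCE = 1000 * 10**18        # base units, assuming 18 decimals
risky = "0x39509351" + UNKNOWN_SPENDER.rjust(64, "0") + f"{UNLIMITED:064x}"
bounded = "0x095ea7b3" + ("11" * 20).rjust(64, "0") + f"{10**18:064x}"

if __name__ == "__main__":
    for label, tx in (("risky", risky), ("bounded", bounded)):
        print(label, review(tx, BALANCE, TRUSTED) or "no warnings")
```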
This incident comes at a time when several Ethereum liquid staking providers, including Rocket Pool, StakeWise, Stader Labs, and Diva Staking, have implemented or are in the process of implementing a self-limit rule. This rule ensures that these providers do not control more than 22% of the Ethereum staking market, aiming to maintain decentralization and prevent the concentration of power.
The phishing attack serves as a reminder that even the most experienced cryptocurrency investors and holders are not immune to security breaches. It reinforces the importance of staying vigilant and adopting best practices to protect one’s digital assets. This includes being cautious of phishing attempts, double-checking URLs, enabling two-factor authentication, and keeping software and hardware wallets up to date.
In conclusion, this high-profile phishing attack resulting in the loss of $24 million in staked ETH on Rocket Pool emphasizes the pressing need for heightened security measures within the cryptocurrency industry. It serves as a wake-up call for individuals and organizations to prioritize cybersecurity and take proactive steps to safeguard their investments.