Victim Loses $24 Million Staked ETH In One Of Biggest Ever Phishing Thefts From An Individual

Updated: 07 September 2023

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

A crypto whale lost $24 million in staked Ethereum in one of the biggest ever phishing attacks, on-chain data shows.

The crypto phisher lured the victim, draining his wallet of 4,851 rETH valued at $8.5 million and 9,579 stETH worth $15.6 million, both versions of Ethereum used for staking. The tokens were priced at a total of $24.3 million, making it one of the biggest crypto phishing losses for a single person ever, said Web3 security firm Scam Sniffer.

insane! someone lost $24.23m worth of stETH and rETH to crypto phishing 8 hours ago!https://t.co/CKeSxGkbjU pic.twitter.com/Xq46p10NlP

— Scam Sniffer (@realScamSniffer) September 7, 2023

A number of blockchain security firms have pointed to the possibility of the attack being a well-orchestrated phishing scheme with the wallet address used by the attacker being associated with multiple crypto phishing websites.

Phishing websites are fake online platforms that are designed to trick unsuspecting victims into giving personal and financial information or convincing them to authorize transactions. They often impersonate known crypto projects or promise crypto airdrops.

What Happened?

According to information from various security firms, the crypto whale “0x13e382” was cajoled to authorize a transaction from their Ethereum wallet via a malicious link.

According to Mario B, an analyst at security firm Beosin, “The funds were stolen via the transferFrom function, we suspect this was done with a phishing link.”

It appears the individual granted the scammer the required permissions to finalize a ‘transferFrom’ function, after interacting with the phishing link, according to on-chain data.

Scam Sniffer gave a detailed explanation of what might have transpired in this attack. According to the Web3 security firm, “the victim gave the token approvals to the scammer by signing “increaseAllowance” transactions.”

"0x4c10a462CD1e639Da8A062aE8a33a23401120ab1" is associated with many crypto phishing sites. pic.twitter.com/fFGyIswExF

— Scam Sniffer (@realScamSniffer) September 7, 2023

Shortly after unintentionally authorizing the transaction, the funds were transferred to the address “0x4c10a462CD1e639Da8A062aE8a33a23401120ab1, a wallet designated as “Fake_Phishing186943” by the block explorer Etherscan. This address, Scam Sniffer said, “is associated with many crypto phishing sites” and has maintained activity since May 21.

However, the phisher has relocated some of these assets to Fixed Float exchange, while the remainder resides in three other distinct addresses.

Some of the funds were transferred to @FixedFloat , and most of the funds remained in the following 3 addresses.

0x4f2f02ee2f86e9ee8e674c1e8b2837181d12f322
0x7023505ed4b696d174969aa318fbe47b98787e49
0x2abdc2ab2b7e46e0c6bb4e7c816ef64485f4f7ad https://t.co/tj9C1XjhTE pic.twitter.com/a4UuoYOV2o

— MistTrack🕵️ (@MistTrack_io) September 7, 2023

Jingyi Guo, an analyst at blockchain security firm BlockSec, reinforced this, saying: “The victim gave the token approvals for rETH and stETH to the phishers in two separate transactions.”

“It is highly likely that the signing of these transactions occurred after accessing a phishing link,” Guo added.

Although the victim’s identity has been concealed, the transaction history reveals a seasoned liquidity provider with a wealth of on-chain experience. The whale’s wallet has been operational since 2017 and currently offers more than $1.6 million in WBTC/USDT liquidity on Uniswap V3.

Phishing Attacks are Becoming Rampant on X

Phishing scams have increased dramatically on the social media platform X, leading to growing concerns from the crypto community. Users are continuously bombarded with numerous verified paid bots to lure vulnerable victims.

One X user, Wojak Satoshi, while replying to Scam Sniffer’s thread, said the platform has been “plagued with scam links. I get tagged in something every 5 mins.”

I just lost 55 Roosters… I can see it on Snowtrace. I cannot log into Discord. I see the address that took it. Probably gonna be a lot of cheap Roosters up for sale… Devastating…💔

— LordBoz 🐔🐓🥚🔺🐉🧠 (@theboz1632) September 7, 2023

Another user had fallen victim to scams, losing “55 Roosters’ from just clicking on the links while scrolling his feed.

Earlier, on-chain investigator ZachXBT had expressed concerns about this issue, informing the crypto community of the proliferation of fake verified organizations on X.

“Verified orgs were intended to make it harder for scammers, but it has just created a new black market for accounts with no way for us to report and take down these accounts easily,” he said.

This accentuates the continuous threats phishing scams pose to the crypto industry. Crypto-related phishing scams have increased 40% year-on-year, according to a report by cybersecurity firm Kaspersky.

Self-custody, which is seen as a solution to such challenges, has its own risks, and users are advised to exercise extreme caution when using their crypto wallets anywhere on the internet.