Search Inside Bitcoins

Victim Loses $24 Million Staked ETH In One Of Biggest Ever Phishing Thefts From An Individual

Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong.

Phishing Attack
Phishing Attack

Join Our Telegram channel to stay up to date on breaking news coverage

A crypto whale lost $24 million in staked Ethereum in one of the biggest ever phishing attacks, on-chain data shows.

The crypto phisher lured the victim, draining his wallet of 4,851 rETH valued at $8.5 million and 9,579 stETH worth $15.6 million, both versions of Ethereum used for staking. The tokens were priced at a total of $24.3 million, making it one of the biggest crypto phishing losses for a single person ever, said Web3 security firm Scam Sniffer.

A number of blockchain security firms have pointed to the possibility of the attack being a well-orchestrated phishing scheme with the wallet address used by the attacker being associated with multiple crypto phishing websites. 

Phishing websites are fake online platforms that are designed to trick unsuspecting victims into giving personal and financial information or convincing them to authorize transactions. They often impersonate known crypto projects or promise crypto airdrops. 

What Happened?

According to information from various security firms, the crypto whale “0x13e382” was cajoled to authorize a transaction from their Ethereum wallet via a malicious link. 

According to Mario B, an analyst at security firm Beosin, “The funds were stolen via the transferFrom function, we suspect this was done with a phishing link.”

It appears the individual granted the scammer the required permissions to finalize a ‘transferFrom’ function, after interacting with the phishing link, according to on-chain data. 

Scam Sniffer gave a detailed explanation of what might have transpired in this attack. According to the Web3 security firm, “the victim gave the token approvals to the scammer by signing “increaseAllowance” transactions.

Shortly after unintentionally authorizing the transaction, the funds were transferred to the address “0x4c10a462CD1e639Da8A062aE8a33a23401120ab1, a wallet designated as “Fake_Phishing186943” by the block explorer Etherscan. This address, Scam Sniffer said, “is associated with many crypto phishing sites” and has maintained activity since May 21

However, the phisher has relocated some of these assets to Fixed Float exchange, while the remainder resides in three other distinct addresses.

Jingyi Guo, an analyst at blockchain security firm BlockSec, reinforced this, saying: “The victim gave the token approvals for rETH and stETH to the phishers in two separate transactions.”

“It is highly likely that the signing of these transactions occurred after accessing a phishing link,” Guo added.

Although the victim’s identity has been concealed, the transaction history reveals a seasoned liquidity provider with a wealth of on-chain experience. The whale’s wallet has been operational since 2017 and currently offers more than $1.6 million in WBTC/USDT liquidity on Uniswap V3.

Phishing Attacks are Becoming Rampant on X

Phishing scams have increased dramatically on the social media platform X, leading to growing concerns from the crypto community. Users are continuously bombarded with numerous verified paid bots to lure vulnerable victims. 

One X user, Wojak Satoshi, while replying to Scam Sniffer’s thread, said the platform has been “plagued with scam links. I get tagged in something every 5 mins.”

Another user had fallen victim to scams, losing “55 Roosters’ from just clicking on the links while scrolling his feed. 

Earlier, on-chain investigator ZachXBT had expressed concerns about this issue, informing the crypto community of the proliferation of fake verified organizations on X.

“Verified orgs were intended to make it harder for scammers, but it has just created a new black market for accounts with no way for us to report and take down these accounts easily,” he said.

This accentuates the continuous threats phishing scams pose to the crypto industry. Crypto-related phishing scams have increased 40% year-on-year, according to a report by cybersecurity firm Kaspersky.

Self-custody, which is seen as a solution to such challenges, has its own risks, and users are advised to exercise extreme caution when using their crypto wallets anywhere on the internet.  

Related News

New Crypto Mining Platform - Bitcoin Minetrix


Bitcoin Minetrix
  • Audited By Coinsult
  • Decentralized, Secure Cloud Mining
  • Earn Free Bitcoin Daily
  • Native Token On Presale Now - BTCMTX
  • Staking Rewards - Over 100% APY
Bitcoin Minetrix

Join Our Telegram channel to stay up to date on breaking news coverage

Read next