Massive Phishing Attack: Victim Loses $24 Million in Crypto

Ledger Hack $32 million

An Ethereum address with a record of interacting with DeFi protocols suffered significant losses in a phishing attack. The attacker stole over $24 million worth of cryptocurrencies by tricking the victim into visiting a malicious website and signing “increaseAllowance” transactions on their wallet. 

Specifically, the cryptocurrencies stolen include $8.5 million worth of Rocket Pool ETH (rETH) and $15.6 million in Lido Staked ETH (stETH). stETH and rETH are Ethereum-based derivatives, allowing users to stake their ETH and earn rewards.

Blockchain security firm Scam Snifer uncovered the exploit, verifying that the hacker had started moving the stolen funds. Some amount was transferred to FixedFloat, an instant, fully automatic cryptocurrency exchange with Bitcoin Lightning Network support. The majority of the funds remain in three separate unconnected addresses. The scammer’s associated address is verifiably linked to many crypto phishing sites.

While the victim’s identity remains unknown, on-chain data revealed that the address drained by the scammer is active in the decentralized finance (DeFi) ecosystem and has provided liquidity amounting to $1.6 million on Uniswap V3. The address has also used multiple DeFi platforms, including Aave, 1inch, and Curve.

Rise in Crypto Phishing Attacks

Phishing is a common social engineering attack in which attackers masquerade as a legitimate entity through electronic communication services to trick victims into revealing sensitive information.

In this case, the attacker used fake emails and websites that impersonated two popular DeFi protocols, Lido Finance and StakeWise. 

The latest incident further underscores the persistent threat of sophisticated phishing scams in the crypto sector. Just recently, some former users of FTX were hit by a phishing attack on their emails a week after Kroll, the claims agent in the FTX’s bankruptcy proceedings, suffered a cybersecurity breach that compromised the non-sensitive customer data of claimants in the ongoing bankruptcy case.

Your crypto deserves the best security. Get a Ledger hardware wallet for just $79!

Market Analysis
Liked Reading? Share with Friends