
User lost $24 million due to phishing attack


On September 6, $24 million worth of tokens were withdrawn from an unknown whale’s address. Apparently, the owner fell victim to a phishing attack. Let's find out what happened in more detail.

A phishing attack is an attack in which a victim unknowingly interacts with a spoofed interface or website that closely resembles a legitimate one, leaving important data or other sensitive information there. This information can then be stolen by a scammer.

How did the attack happen

For starters, we need to recall some features of the Ethereum blockchain architecture. In order to interact with a smart contract, users must first sign a transaction, giving the smart contract access to manage the tokens within their wallet. 

For instance, to swap token X from your wallet to token Y from the liquidity pool on Uniswap, you authorise the smart contract to oversee your token X. Only after this authorisation is granted can users do the swap.

In this case, two transactions were signed from the victim’s wallet, where they authorised the attacker's smart contract to access and withdraw tokens. 

According to PeckShield, a cybersecurity company, it is likely that the user signed off on the transactions as a result of a phishing attack. The victim was unaware that they were giving permission to the attacker. 
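The authorisation step described above can be checked before signing. The following is an added example, not code from the original article or from any wallet: it decodes a pending transaction's calldata and flags ERC-20 allowance grants to spenders that are not on a user-maintained trusted list. It covers both `approve` and `increaseAllowance` (the article does not say which call was signed); the addresses, the trusted list and the helper names are constructed for illustration.

```python
# Added example: pre-signing check for ERC-20 allowance grants.
# A selector is the first 4 bytes of keccak256 of the function signature.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UINT256_MAX = 2**256 - 1

def decode_allowance_call(calldata_hex):
    """Return (function, spender, amount) if calldata grants an allowance, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in ALLOWANCE_SELECTORS:
        return None
    if len(args) < 128:  # two 32-byte ABI words are required
        raise ValueError("truncated calldata")
    # An address is ABI-encoded as a 32-byte word; the low 20 bytes are the address.
    spender = "0x" + args[24:64]
    amount = int(args[64:128], 16)
    return ALLOWANCE_SELECTORS[selector], spender, amount

def review_transaction(calldata_hex, trusted_spenders):
    """Classify a pending transaction before the user signs it."""
    decoded = decode_allowance_call(calldata_hex)
    if decoded is None:
        return "no-allowance"
    _, spender, amount = decoded
    if amount == 0:
        return "no-new-access"  # approve(0) clears access; increaseAllowance(0) adds none
    if spender not in {s.lower() for s in trusted_spenders}:
        return "block: unknown spender"
    if amount == UINT256_MAX:
        return "warn: unlimited allowance"
    return "ok"

def build_call(selector, spender, amount):
    """Build ABI-encoded calldata for the constructed samples below."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample data (not taken from the incident).
TRUSTED = ["0x" + "11" * 20]  # hypothetical contract the user already trusts
UNKNOWN = "0x" + "ab" * 20    # hypothetical spender presented by a spoofed site

if __name__ == "__main__":
    for tx in (build_call("39509351", UNKNOWN, UINT256_MAX),
               build_call("095ea7b3", TRUSTED[0], UINT256_MAX),
               build_call("095ea7b3", TRUSTED[0], 0)):
        print(review_transaction(tx, TRUSTED))
```
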


The number of the stolen tokens

Due to a lapse in attentiveness, 9,579 stETH and 4,851 rETH were stolen from the owner.

The stolen tokens are synthetic representations of real ETH, issued by staking ETH through special protocols. In this context, rETH refers to Rocket Pool, while stETH is associated with Lido Finance. You can find more details about these protocols here.

Owners of such synthetic ETH tokens can exchange them for real ETH through the appropriate protocol at any given time. Alternatively, they can interact in various DeFi activities, such as borrowing, providing liquidity, trading on DEX, and more.

However, the attacker quickly converted these tokens into 13,785 ETH and 1.6 million DAI.

Moreover, according to the Scam Sniffer service, the address to which the stolen funds were transferred has previously been seen in similar scamming activities.


What else is known about the victim

The wallet from which the funds were stolen appears to belong to a fairly experienced cryptocurrency user:

🗓️ Their first transaction was made back in 2020;
🧠 They used decentralised applications (dApps) like Aave, 1inch, Uniswap, Curve, etc. Notably, they did not just use these applications but also provided liquidity and took part in other activities that go beyond those of an average DeFi user.

The hack serves as yet another reminder that you need to be especially careful not to fall for scams in the world of crypto. Use only trusted sites and reliable dApps.


Maria Kachura