On September 6, $24 million worth of tokens were withdrawn from an unknown whale’s address. Apparently, the owner fell victim to a phishing attack. Let's find out what happened in more detail.
A phishing attack is an attack in which a victim unknowingly interacts with a spoofed interface or website that closely resembles the real one and leaves important data or other sensitive information there. This information can then be stolen by a scammer.
How did the attack happen
For starters, we need to recall some features of the Ethereum blockchain architecture. In order to interact with a smart contract, users must first sign a transaction, giving the smart contract access to manage the tokens within their wallet.
For instance, to swap token X from your wallet for token Y from the liquidity pool on Uniswap, you authorise the smart contract to manage your token X. Only after this authorisation is granted can users do the swap.
In this case, two transactions were signed from the victim’s wallet, where they authorised the attacker's smart contract to access and withdraw tokens.
According to PeckShield, a cybersecurity company, it is likely that the user signed off on the transactions as a result of a phishing attack. The victim was unaware that they were giving permission to the attacker.
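A pre-signing check for this kind of authorisation, as an added example that is not part of the original article: it decodes a transaction's calldata and warns when the call grants token spending rights to an address the user has not allowlisted. It assumes the authorisation is a token `approve` or `increaseAllowance` call (the article does not say which call was signed); all addresses, amounts and the allowlist are constructed placeholders.

```python
# Selectors (first 4 bytes of keccak256 of the signature) of allowance-granting calls.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
MAX_UINT256 = 2**256 - 1
# Constructed allowlist of spenders the user trusts (placeholder address).
TRUSTED_SPENDERS = {"0x" + "11" * 20}


def decode_allowance_call(calldata):
    """Return (function, spender, amount) for an allowance grant, else None."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    func = ALLOWANCE_SELECTORS.get(data[:8])
    if func is None:
        return None
    args = data[8:]
    if len(args) != 128:
        raise ValueError("expected two 32-byte arguments")
    if int(args[:24], 16) != 0:  # an address is left-padded with 12 zero bytes
        raise ValueError("malformed address argument")
    return func, "0x" + args[24:64], int(args[64:], 16)


def review_before_signing(calldata, trusted=TRUSTED_SPENDERS):
    """Return warnings to show the user before the transaction is signed."""
    decoded = decode_allowance_call(calldata)
    if decoded is None:
        return []
    func, spender, amount = decoded
    warnings = []
    if spender not in trusted:
        warnings.append(f"{func} lets unknown address {spender} spend your tokens")
    if amount == MAX_UINT256:
        warnings.append("allowance is unlimited (2**256 - 1)")
    return warnings


def build_calldata(selector, spender, amount):
    """Helper that builds constructed sample calldata for the samples below."""
    return "0x" + selector + spender[2:].rjust(64, "0") + f"{amount:064x}"


# Constructed samples: none of these addresses or amounts come from the incident.
SAMPLE_UNKNOWN = build_calldata("39509351", "0x" + "ab" * 20, MAX_UINT256)
SAMPLE_TRUSTED = build_calldata("095ea7b3", "0x" + "11" * 20, 10**18)
SAMPLE_TRANSFER = build_calldata("a9059cbb", "0x" + "ab" * 20, 1)  # not an allowance
```

Calling `review_before_signing(SAMPLE_UNKNOWN)` returns two warnings (unknown spender, unlimited allowance), while the trusted-spender and plain-transfer samples return none.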
The number of the stolen tokens
Due to a lapse in attentiveness, 9,579 stETH and 4,851 rETH were stolen from the owner.
The stolen tokens are synthetic representations of real ETH, issued by staking ETH through special protocols. In this context, rETH refers to Rocket Pool, while stETH is associated with Lido Finance. You can find more details about these protocols here.
Owners of such synthetic ETH tokens can exchange them for real ETH through the appropriate protocol at any given time. Alternatively, they can take part in various DeFi activities, such as borrowing, providing liquidity, trading on DEX, and more.
However, the attacker quickly converted these tokens into 13,785 ETH and 1.6 million DAI.
Moreover, according to the Scam Sniffer service, the address to which the stolen funds were transferred has previously been seen in similar scamming activities.
What else is known about the victim
The wallet from which the funds were stolen appears to belong to a fairly experienced cryptocurrency user:
🗓️ Their first transaction was made back in 2020;
🧠 They used decentralised applications (dApps) like Aave, 1inch, Uniswap, Curve, etc. Notably, they did not just use these applications but also provided liquidity and carried out other activities that go beyond those of an average DeFi user.
The hack serves as yet another reminder that you need to be especially careful not to fall for scams in the world of crypto. Use only trusted sites and reliable dApps.