An incident involving a phishing attack in September 2023 has resulted in the transfer of $10 million worth of Ether (ETH) to the crypto-mixing protocol Tornado Cash.
An incident involving a phishing attack in September 2023 has resulted in the transfer of $10 million worth of Ether (ETH) to the crypto-mixing protocol Tornado Cash. The account responsible for the attack was alerted by blockchain security firm CertiK on March 21. The funds originated from a crypto whale who fell victim to the phishing incident, losing a staggering $24 million in staked ETH on the liquid staking provider Rocket Pool.
During the attack, the hacker executed two transactions, siphoning off 9,579 stETH and 4,851 rETH from the crypto whale. The victim had unknowingly signed an "Increase Allowance" transaction, granting the hacker permission to access and spend ERC-20 tokens belonging to the victim. This feature, while useful, has raised concerns within the crypto community as it can be exploited by malicious actors deploying fraudulent smart contracts.
PeckShield, another blockchain security company, discovered that the attacker swapped the stolen assets for 13,785 ETH and 1.64 million Dai (DAI). A portion of the DAI was transferred to the FixedFloat exchange, while the majority of the pilfered funds were dispersed across various wallets.
Phishing attacks continue to pose a significant challenge for the cryptocurrency space, with Scam Sniffer's crypto phishing report revealing losses of nearly $47 million in February alone. Ethereum was the most targeted network, accounting for 78% of the thefts, and ERC-20 tokens constituted 86% of the stolen assets.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
