ETH Whale Loses Over $24 Million to Phishing Scam

Incident Overview

In the early hours of September 7, 2023, a whale wallet with the address 0x13e3 lost $24.23 million due to a phishing attack. The victim's funds were drained during transactions involving stETH and rETH, possibly after clicking on a phishing link.

Transaction Details

According to Scam Sniffer, the whale wallet 0x13e3 lost 4,850 rETH (approximately $8.5 million) and 9,579 stETH (approximately $15.6 million) through two transactions. These tokens were sent to the attacker's wallet 0x693b. The attacker then converted the stETH and rETH to ETH and DAI, and distributed the ETH across three different wallets.

Tokens Involved

• stETH: A liquid staking token from Lido
• rETH: A liquid staking token from Rocket Pool

Cause of the Attack

Further investigation revealed that the whale wallet 0x13e3 had interacted with a phishing address, 0x4c10, which had been marked as Fake_Phishing by Etherscan.

Before the significant transaction, the whale wallet approved an "increaseAllowance" transaction, giving the phishing address permission to withdraw the tokens. This method allowed the attacker to take control of a large amount of the whale's stETH and rETH.

Scammer’s Activity

Scam Sniffer identified the phishing address 0x4c10 as linked to numerous other crypto scam sites. The address has been flagged multiple times in connection with phishing activities and has a severe risk score of 100.

Known Phishing URLs

• Several URLs linked to the address were identified as phishing sites, contributing to the high-risk assessment.

Victim’s Current Situation

Despite losing $24 million in rETH and stETH, the whale wallet still holds a balance of $16.3 million. This incident highlights the ongoing risks of phishing scams in the crypto space, where even sophisticated users can fall victim to malicious tactics.

Conclusion

This incident serves as a stark reminder for all crypto investors to exercise extreme caution when interacting with online platforms and approving transactions. Phishing remains a significant threat, and it is crucial to verify the authenticity of websites and smart contracts before engaging with them.