An individual appears to have suffered a substantial loss of $24 million in cryptocurrencies, and evidence suggests that a phishing attack was the likely cause of this devastating financial blow.
The stolen assets, in this case, consist of liquid staking derivatives, specifically 4,851 Rocket Pool ETH (rETH) valued at around $8.5 million, and 9,579 Lido Staked ETH, worth around $15.6 million.
This incident now stands as one of the largest individual cryptocurrency phishing attacks on record.
Multiple cybersecurity firms have weighed in on the incident, pointing to a phishing tactic as the likely modus operandi.
According to these experts, the individual was enticed into authorizing a transaction from their Ethereum wallet by interacting with a malicious link.
Phishing attacks, a common threat in the cryptocurrency space, involve deceiving users into signing transactions and engaging with malicious smart contracts.
In this particular case, the funds were stolen through the execution of a ‘transferFrom’ function, which experts strongly suspect was enabled through a phishing link.
As per on-chain data, it becomes evident that the individual, after engaging with the phishing link, inadvertently granted the perpetrator the necessary permissions to execute the ‘transferFrom’ function.
Subsequently, the stolen assets were swiftly transferred to an address ominously labeled “Fake_Phishing186943” as seen on the Etherscan block explorer.
BlockSec analyst Jingyi Guo emphasized, “The victim gave the token approvals for rETH and stETH to the phishers in two separate transactions. It is highly likely that the signing of these transactions occurred after accessing a phishing link.”
