A crypto phishing attack may have cost one person $24 million

The stolen ETH amounts to 4,851 from Rocket Pool and 9,579 from Lido Staked. According to security experts, the victim unwittingly approved a fraudulent transaction.

On-chain information suggests a phishing attack led to the loss of $24 million worth of cryptocurrency. The stolen assets include 9,579 Lido Staked ETH (valued at $15.6 million) and 4,851 Rocket Pool ETH (rETH) (worth $8.5 million). It’s one of the biggest single crypto phishing attacks ever.

Several security companies have speculated that a phishing technique was used in the attack. They claim that the victim’s Ethereum wallet was emptied after the victim was tricked into approving a transaction through a fraudulent link.

This incident involves phishing, in which victims are duped into actions involving malicious smart contracts, such as signing transactions and interacting with them. “The funds were stolen via the transferFrom function, we suspect this was done with a phishing link,” said Mario B, an analyst at security company Beosin, according to The Block.

On-chain data suggests that the victim gave the attacker access to run a ‘transferFrom’ function after clicking on the phishing link. The funds were transferred to a wallet labeled by the Etherscan block explorer as “Fake_Phishing186943” shortly after the unwitting authorization of the transaction.

The victim authorized the phishers to spend both rETH and stETH tokens in two different transactions. A phishing page was likely visited before these transactions were signed, according to BlockSec expert Jingyi Guo.
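
The authorization step described above can be inspected before signing by decoding the transaction's calldata. The sketch below is an added example, not code from the article or the firms quoted in it. The article does not say which call granted the spending rights, so the example assumes the standard ERC-20 `approve` and `increaseAllowance` calls, and its spender address, allowlist and balance are constructed sample values.

```python
# Added example (not from the article): flag ERC-20 allowance grants before signing.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "23b872dd": "transferFrom",       # transferFrom(address,address,uint256)
}
MAX_UINT256 = 2**256 - 1

def _word(data, i):
    """Return the i-th 32-byte ABI word that follows the 4-byte selector."""
    word = data[4 + 32 * i : 4 + 32 * (i + 1)]
    if len(word) != 32:
        raise ValueError("truncated calldata")
    return word

def _addr(word):
    return "0x" + word[12:].hex()  # an address is the low 20 bytes of the word

def _uint(word):
    return int.from_bytes(word, "big")

def decode(calldata_hex):
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    name = SELECTORS.get(data[:4].hex())
    if name is None:
        return {"function": "unknown"}
    if name == "transferFrom":
        return {"function": name, "from": _addr(_word(data, 0)),
                "to": _addr(_word(data, 1)), "amount": _uint(_word(data, 2))}
    return {"function": name, "spender": _addr(_word(data, 0)),
            "amount": _uint(_word(data, 1))}

def review(calldata_hex, trusted_spenders, balance):
    """Return (decoded call, warnings) for a wallet to show before signing."""
    call = decode(calldata_hex)
    warnings = []
    if call["function"] in ("approve", "increaseAllowance"):
        if call["spender"] not in {s.lower() for s in trusted_spenders}:
            warnings.append("spender is not on the allowlist")
        if call["amount"] == MAX_UINT256:
            warnings.append("unlimited allowance")
        elif call["amount"] >= balance:
            warnings.append("allowance covers the whole balance")
    return call, warnings

# Constructed sample: approve(<placeholder spender>, 2**256 - 1)
SAMPLE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    print(review(SAMPLE, trusted_spenders=set(), balance=9579 * 10**18))
```

An allowance grant moves no tokens itself, which is why it is easy to sign without noticing; the later `transferFrom` is sent by the spender and needs no further signature from the token holder.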

