Individual loses $24 million in likely crypto phishing attack

An individual has seemingly lost access to $24 million in cryptocurrencies from their Ethereum ETH -1.071% wallet, with on-chain data pointing to a phishing attack as the likely cause.

The drained assets included liquid staking derivatives, specifically 4,851 Rocket Pool ETH ( rETH -1.14% ) valued at $8.5 million, and 9,579 Lido Staked ETH, valued at $15.6 million. This makes it one of the largest individual crypto phishing incidents to date.

Multiple security firms stated that the attack likely involved a phishing tactic. According to them, the individual was lured into authorizing malicious transactions from their Ethereum wallet, through a phishing link.

Falling for a phishing attack

Phishing attacks involve tricking crypto users into interacting with malicious smart contracts that can drain their funds, as was the case in this incident. “The funds were stolen via the transferFrom function, we suspect this was done with a phishing link,” Mario B, analyst at security firm Beosin, told The Block.

After interacting with the phishing link, on-chain data shows that the individual seemingly granted the perpetrator the required permissions to execute a ‘transferFrom’ function. Shortly after unintentionally authorizing transactions, the assets were moved to an address labeled as “Fake_Phishing186943” on the block explorer Etherscan.

“The victim gave the token approvals for rETH and stETH -1.093% to the phishers in two separate transactions. It is highly likely that the signing of these transactions occurred after accessing a phishing link,” BlockSec analyst Jingyi Guo said.