Individual loses $24 million in likely crypto phishing attack

Quick Take

  • An anonymous Ethereum user apparently lost access to $24 million in what appears to be a phishing attack.
  • The drained assets were 4,851 Rocket Pool ETH and 9,579 Lido Staked ETH, security firms said.

An individual has seemingly lost access to $24 million in cryptocurrencies from their Ethereum ETH + wallet, with on-chain data pointing to a phishing attack as the likely cause.

The drained assets included liquid staking derivatives, specifically 4,851 Rocket Pool ETH ( rETH + ) valued at $8.5 million, and 9,579 Lido Staked ETH, valued at $15.6 million. This makes it one of the largest individual crypto phishing incidents to date.

Multiple security firms stated that the attack likely involved a phishing tactic. According to them, the individual was lured into authorizing malicious transactions from their Ethereum wallet, through a phishing link.

Falling for a phishing attack


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Phishing attacks involve tricking crypto users into interacting with malicious smart contracts that can drain their funds, as was the case in this incident. “The funds were stolen via the transferFrom function, we suspect this was done with a phishing link,” Mario B, analyst at security firm Beosin, told The Block.

After interacting with the phishing link, on-chain data shows that the individual seemingly granted the perpetrator the required permissions to execute a ‘transferFrom’ function. Shortly after unintentionally authorizing transactions, the assets were moved to an address labeled as “Fake_Phishing186943” on the block explorer Etherscan.

“The victim gave the token approvals for rETH and stETH + to the phishers in two separate transactions. It is highly likely that the signing of these transactions occurred after accessing a phishing link,” BlockSec analyst Jingyi Guo said.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]


To contact the editor of this story:
Tim Copeland at
[email protected]