An individual has reportedly fallen victim to a cryptocurrency phishing attack, resulting in the loss of approximately $24 million worth of digital assets.
On-chain data strongly suggests that this incident was indeed a sophisticated phishing attack, making it one of the largest individual crypto phishing cases on record.
The stolen assets encompassed liquid staking derivatives, consisting of 4,851 Rocket Pool ETH (rETH), valued at around $8.5 million, and 9,579 Lido Staked ETH, amounting to a staggering $15.6 million.
These substantial losses serve as a stark reminder of the ever-present risks in the cryptocurrency space.
Security experts and multiple cybersecurity firms have weighed in on the incident, pointing to phishing tactics as the likely modus operandi.
According to their analysis, the victim was likely enticed into initiating a transaction from their Ethereum wallet by clicking on a malicious link.
Phishing attacks in the crypto world typically involve deceiving users into signing transactions or engaging with malicious smart contracts, mirroring the circumstances of this particular case.
Mario B, an analyst at the security firm Beosin, stated, “The funds were stolen via the transferFrom function, we suspect this was done with a phishing link.”
Following the interaction with the phishing link, on-chain data reveals that the victim inadvertently granted the perpetrator the necessary permissions to execute a ‘transferFrom’ function.
Subsequently, the stolen assets were swiftly moved to an address conspicuously labeled as “Fake_Phishing186943” on the Etherscan block explorer.
Jingyi Guo, an analyst at BlockSec, remarked, “The victim gave the token approvals for rETH and stETH to the phishers in two separate transactions. It is highly likely that the signing of these transactions occurred after accessing a phishing link.”