- Cryptocurrency whale has been swindled of millions in liquid staking derivatives (LSD).
- This took place after the investor interacted with a malicious link set up by the phishing scammers.
- Phishing seems to be rampant, investors are therefore advised to exercise caution while online.
The crypto sector is on high alert after a cryptocurrency whale was swindled of millions in liquid staking derivatives (LSD) in the latest phishing scam. This happened after the investor interacted with malicious links set up by phishing scammers making the Crypto Whale lose millions in the process.
The investor lost their entire address balance of Lido Staked ETH (stETH) and Rocket Pool ETH (rETH) on Sept. 6, according to the cryptocurrency security firm PeckSHield.
Both Rocket Pool ETH (rETH) and Lido staked ETH (stETH) are liquid staking derivatives (LSDs) of Ethereum’s native token Ether (ETH).
The security firm reported that the whale fell victim to a phishing attack, losing $24.24M worth of cryptos. Portions of the assets have been transferred into FixedFloat, a non-custodial crypto exchange.”
Moments later, Peckshield had a news update that the phisher had transferred another 78K DAI to Mixer and CEX.
Then again, the security firm posted another update that the phisher had transferred 1 ETH to TornadoCash.
According to Web3 security firm Scam Sniffer, the whale unintentionally granted token approval to the fraudsters by authorizing increased allowance. This happened after the whale authorized access to the two liquid staking derivatives (LSD) after clicking on a malicious link provided by the scammer.
This has been dubbed one of the biggest crypto phishing losses for a single person ever, according to the security firm, the crypto phisher drained the victim’s wallet of 4,851 rETH valued at $8.5 million and 9,579 stETH worth $15.6 million, both tokens priced at a total of $24.3 million.
The stolen funds were initially deposited into two addresses; “0x693b72” and “0x4c10a4.” but the scammers transferred some of the assets to the Fixed Float Exchange, while the rest was left in three separate addresses. The address “0x4c10a4,” is linked to multiple crypto phishing websites.
Crypto Sector On High Alert
Scammers have devised a way to scam decentralised finance (DeFi) users with fake links masked as legitimate URLS. Upon clicking such links, users are left vulnerable as scammers can then authorize transactions and withdrawals from the victim’s wallets before transferring the stolen loot to other addresses.
In addition to the $24 million in ETH derivatives that has been lost to scammers in 2023, other notable incidents include $3.8 million which was lost in March in Rocket Pool (RPL) to a phishing scam.
Other targetted assets have been non-fungible tokens (NFT) holders, MetaMask users, X (formerly Twitter) accounts as well as blockchains.
Last year in August, Layer 1 network Terra halted its website to prevent phishing attacks.
Users on X have also registered their dissatisfaction at the turn of events. A user by the name “Techright | Audit” said, “It’s a harsh reminder that the crypto world can be treacherous!”
Another one by the name CryptoSenua made a sarcastic remark, “The future of finance”, Batman wondered, “How does this continue to happen.”
As cryptocurrency continues to evolve, so will online fraud become more sophisticated, hence the need to be more vigilant and alert.
