See More

Crypto Phishing Victim Loses $24 Million in Wallet Approval Scam  

2 mins
Updated by Kyle Baird
Join our Trading Community on Telegram

In Brief

  • A cryptocurrency investor lost $24.23 million in stETH and rETH tokens in a recent massive phishing attack.
  • The attacker swapped the stolen tokens for roughly 13,785 ETH worth about $22.5 million, and 1.64 million DAI.
  • Group-IB warned of a major phishing threat actor "W3LL" that targets corporate Microsoft 365 accounts.
  • promo

An unfortunate cryptocurrency investor has lost millions in the latest crypto phishing scam. Furthermore, the victim lost a large stash of staked Ethereum tokens in what is one of the largest phishing attacks in recent history.

On September 7, blockchain security and scam feeds flashed up alerts about a massive phishing attack, but it was too late for one investor. 

Crypto Phishing Attack Drains $24M in Tokens

Just a few hours ago, the attack was reported, and the details still remain patchy. However, it appears that the victim lost $24.23 million worth of stETH and rETH in the attack.

PeckShield reported that the whale lost 9,579 stETH and 4,851 rETH. stETH is the Lido staked Ethereum token, while the Rocket Pool staked Ethereum token is rETH.

According to Scam Sniffer, the victim gave the token approvals to the scammer by signing “increaseAllowance” transactions.

Moreover, the malicious address had previously been flagged and was associated with a number of crypto phishing websites. 

Phished wallet addresses. Source: X/@realScamSniffer
Phished wallet addresses. Source: X/@realScamSniffer

Furthermore, PeckShield reported that the attacker had already started transferring the stolen funds.

They swapped the rETH and stETH for around 13,785 ETH, worth roughly $22.5 million, and 1.64 million DAI

The report added that FixedFloat has already received a transfer of around 451,000 DAI. FixedFloat is an automated cryptocurrency exchange using the Lightning Network.

Stolen funds path. Source: X/@PeckShieldAlert
Stolen funds path. Source: X/@PeckShieldAlert 

Phishing is a form of social engineering scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware.

Recently, some of these malicious links have even been found on Google as advertisements. Additionally, one fake Google crypto ad resulted in a victim almost falling for a scam that would have ended in a nearly $900,000 loss.

In August, BeInCrypto reported that scammers stole 675,000 USDT and seven NFTs in two phishing attacks.

Read more: 15 Most Common Crypto Scams To Look Out For

New Threat Actor Detected

On September 6, cybersecurity firm Group-IB warned of a major phishing threat actor called “W3LL”. The threat actor runs a hidden underground market selling tools to bypass Microsoft 365 multifactor authentication (MFA).

Moreover, the custom phishing kit called the “W3LL Panel” targets corporate Microsoft 365 accounts.

Additionally, estimates suggest that between October 2022 and July 2023, over 56,000 accounts were compromised.

Experts warned that the tools signal a dangerous new era of sophisticated “adversary-in-the-middle” phishing attacks designed to bypass MFA that will be hard to detect.

Top crypto projects in the US | July 2024
Harambe AI Harambe AI Explore
Uphold Uphold Explore
Exodus Exodus Explore
Coinbase Coinbase Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | July 2024
Harambe AI Harambe AI Explore
Uphold Uphold Explore
Exodus Exodus Explore
Coinbase Coinbase Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | July 2024

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

profile.jpg
Martin Young
Martin Young is a seasoned cryptocurrency journalist and editor with over 7 years of experience covering the latest news and trends in the digital asset space. He is passionate about making complex blockchain, fintech, and macroeconomics concepts understandable for mainstream audiences.   Martin has been featured in top finance, technology, and crypto publications including BeInCrypto, CoinTelegraph, NewsBTC, FX Empire, and Asia Times. His articles provide an in-depth analysis of...
READ FULL BIO
Sponsored
Sponsored