In the early morning of September seven, 2023, $24.23 million was stolen from the 0x13e3 whale wallet when trading stETH and rETH, most possible due to clicking on a phishing website link.
The ETH “whale” was robbed of in excess of $24 million due to phishing. Photo: Wikipedia
Transaction data
According to Scam Sniffer, fish wallet 0x13e3 This has been withdrawn four,850 rETH (roughly $eight.five million) AND 9,579 stETH (roughly $15.six million) with just two operations. This quantity of stETH and rETH is transferred right to the wallet 0x693b of the attacker. Wallet 0x693b then converted stETH and rETH to ETH and transferred them to 3 various wallet addresses. rETH and stETH are the liquid staking tokens of Rocket Pool and Lido respectively.
Transactions are withdrawn stETH and rETH. Source: DeBank
The quantity of ETH is dispersed across other wallets. Source: ZachXBT
When checking the quantity of stETH of this wallet by means of the Wallet area on DeBank, the quantity of stETH on the LIDO protocol is pretty much zero.
Amount of stETH remaining on LIDO. Source: DeBank.
Cause of the hack
To discover out the bring about of the over incident, when checking the transactions of two whale wallets, wallet participation was identified 0x4c10. This wallet was previously flagged as Fake_Phishing by Etherscan.
The 0x4c10 wallet interacts with Rocket Pool: rETH token. Source: Etherscan
The 0x4c10 wallet interacts with Lido: stETH Token. Source: Etherscan
Before staying transferred to $24 million of rETH and stETH respectively on whale wallets 0x13e3 have agreed and signed to carry out the transaction via the technique “indemnity increase”which permitted the scammer to improve the quantity of tokens withdrawn.
Whale wallets signal transactions by means of the “increaseAllowance” technique. Source: Etherscan
According to Scam Sniffer, wallet 0x4c10 Not only is it linked to this incident, but it has previously been linked to a lot of other cryptocurrency scam sites. According to the evaluation device, for illustration 0x4c10 it is very localized in wallet hacking occasions and has a “Severe” rating of one hundred. Additionally, Scam Sniffer also reviews phishing of linked URLs.
Check the 0x4c10 wallet. Source: Scam Sniffer
Phishing URLs. Source: Scam Sniffer
If we search back at the incident, it is attainable that this whale wallet accessed a cryptocurrency web site containing a phishing website link and when signing the transaction, the scammer accidentally withdrew a huge quantity of stETH and rETH. Even so, the stability in the victim’s wallet at this time There is nevertheless $sixteen.three million left.
Phishing victim 0x13e382dfe53207e9ce2eeeab330f69da2794179e’s wallet misplaced USD 24 million ETH
In addition to phishing, there are presently a lot of tricks to defraud and mistreat traders, this kind of as transferring tokens to a series of wallets participating in the airdrop to be marked as sybil, or tricks to impersonate a wallet that is pretty much the very same as a acquainted withdrawal tackle . the consumer.
Cameron
Join the discussion on the HOTTEST troubles of the DeFi industry in the chat group Coinlive Chats with the administrators of Coinlive!!!
