KEY POINTS
- The phishing-linked address moved 3,700 Ether to Tornado Cash Thursday, Certik said
- A crypto whale lost over $24M in September, with the phishing scammer immediately swapping the stolen crypto
- In February alone, around $47 million was lost to crypto phishing scams, Scam Sniffer said
A deposit of over $10 million worth of Ether (ETH) into Tornado Cash was detected by a blockchain and decentralized finance (DeFi) monitoring firm Thursday. The deposited funds have been traced back to a major phishing incident in September, wherein a crypto whale lost over $24 million.
Blockchain security firm Certik flagged the movement of 3,700 ETH worth over $10 million based on current prices. "The fund traces to a major phishing incident back in September 2023 where $24M (at the time) worth of assets were lost," Certik said on X (formerly Twitter) on Thursday.
#CertiKInsight 🚨
— CertiK Alert (@CertiKAlert) March 21, 2024
We are seeing a deposit of 3700 ETH, which is worth over $10M, into Tornado Cash by EOA 0x8cFDAD729de89f09A188312839A0EC3b1522E107 on Ethereum.
The fund traces to a major phishing incident back in September 2023 where $24M (at the time) worth of assets were…
Certik noted that the crypto community should remain vigilant following the latest movement of stolen funds.
Blockchain security and data analytics company PeckShield first reported about a crypto whale falling victim to a phishing attack early in September. In the said attack, a total of 9,579.2 staked ETH (stETH) were among the stolen assets.
#PeckShieldAlert A whale fell victim to a #phishing attack, losing $24.24M worth of cryptos, including ~4,851 $rETH and 9,579.2 $stETH.
— PeckShieldAlert (@PeckShieldAlert) September 7, 2023
The phisher has already swapped these $rETH and $stETH for ~13,785 $ETH and 1.64M $DAI.
A portion of the $DAI (~451K $DAI) has already been… pic.twitter.com/3jPTJWeqw4
The pilfered cryptocurrencies were swapped for 13,785 ETH and 1.64 million worth of Dai (DAI) stablecoin. A total of 451,000 DAI were also transferred into instant crypto exchange Fixed Float shortly after the phishing attack.
Other blockchain security firms also picked up the crypto whale's massive loss, with Scam Sniffer calling the phishing attack "insane." MistTrack, the crypto tracking team of blockchain security firm SlowMist, said most of the remaining funds that weren't put on Fixed Float were stashed in three different digital wallets.
insane! someone lost $24.23m worth of stETH and rETH to crypto phishing 8 hours ago!https://t.co/CKeSxGkbjU pic.twitter.com/Xq46p10NlP
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) September 7, 2023
Some of the funds were transferred to @FixedFloat , and most of the funds remained in the following 3 addresses.
— MistTrack🕵️ (@MistTrack_io) September 7, 2023
0x4f2f02ee2f86e9ee8e674c1e8b2837181d12f322
0x7023505ed4b696d174969aa318fbe47b98787e49
0x2abdc2ab2b7e46e0c6bb4e7c816ef64485f4f7ad https://t.co/tj9C1XjhTE pic.twitter.com/a4UuoYOV2o
News of the transfer of cryptocurrencies linked to the phishing scam comes as phishing hackers continue to evolve their attacks along with the crypto industry's technological revolution.
Earlier this month, the X account of Web3 messaging solution Beoble was compromised by phishing actors who posted a fake token-related claim for users of the platform. Some users claimed their wallets were "drained." Others hoped the platform would "take some responsibility and compensate."
Scam Sniffer said in its February phishing report that around 57,000 victims collectively lost approximately $47 million to crypto phishing scams. "Most of the thefts of all ERC20 tokens were due to assets being stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2," the web3 anti-scam tracker noted.
🚨 [1/6] ScamSniffer's February Phishing Report
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) March 10, 2024
In February, about 57,000 victims lost approximately $47 million to crypto phishing scams.
Compared to January, the number of victims who lost over $1 million decreased by 75%. pic.twitter.com/UgZk0K91lH
Interestingly, the crypto whale who lost over $24 million in September enabled token approvals to the phishing actor by signing Increase Allowance transactions.
