Even the big fish in the crypto pond are not immune to scams.
A high-profile cryptocurrency investor has lost an eye-watering $24 million in staked Ethereum (ETH) following a phishing attack. The event has triggered significant concerns over the security of liquid staking providers like Rocket Pool.
The security firm PeckShield reported that the investor lost millions in Lido Staked ETH (stETH) and Rocket Pool ETH (rETH) on September 6th.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
How to Avoid Rug Pulls in Crypto? (5 Ways Explained)
The phishing operation was alarmingly efficient, involving just two transactions that led to the theft of 9,579 stETH and 4,851 rETH. At the current market rates, these amounts were valued at $15.5 million and $8.5 million, respectively.
After acquiring the stolen assets, the perpetrator swapped them for 13,785 ETH and 1.64 million Dai (DAI). PeckShield informed that a significant chunk of the converted DAI had been moved to FixedFloat, an automated cryptocurrency exchange.
MistTrack, a crypto-tracking team from SlowMist, reported that the remaining stolen funds were funneled to three different addresses.
According to Scam Sniffer, the investor fell prey to the phishing attack by signing "Increase Allowance" transactions, granting the fraudster access to spend the staked ETH. These permissions are a feature allowing third parties to spend tokens belonging to someone else through smart contracts.
This loss follows closely on the heels of a recent industry development where several Ethereum liquid staking providers, including Rocket Pool, StakeWise, Stader Labs, and Diva Staking, have initiated or are in the process of creating a self-imposed limit. They have committed to not controlling more than 22% of the Ethereum staking market to foster a more decentralized landscape.
The incident serves as a severe warning about the vulnerabilities in the cryptocurrency staking ecosystem, particularly concerning phishing attacks. It highlights the need for investors to be vigilant when granting permissions or approvals in smart contracts, especially as crypto platforms continue to evolve their security measures.