This Altcoin Whale Victims to Million Dollar Hack!

On-chain data shows that an altcoin whale named “0x13e382” sent phishing scammers $24.23 million worth of liquid stakes, including 4,851 rETH (valued at $8.58 million) and 9,579 stETH (valued at $15.63 million) on September 6. It shows that Ethereum is losing. Web3 security firm Scam Sniffer revealed that the whale unknowingly gave token approval to fraudsters by signing “increaseAllowance” transactions. The firm described the theft as possibly “the largest amount stolen from a single victim.” The stolen funds initially arrived at two addresses: 0x693b72 and 0x4c10a4. However, the fraudsters moved some of these assets to the Fixed Float exchange, while the rest is located at three other different addresses. Here are the details…

Altcoin whale’s wallet dropped to zero

On September 7, 2023, a whale wallet with address 0x13e3 was cyberattacked, resulting in the theft of stETH and rETH tokens worth approximately USD 24.23 million. Initial investigations suggest that the incident may have been facilitated by the wallet owner clicking on a phishing link. According to reports from Scam Sniffer, the wallet with address 0x13e3 experienced unauthorized withdrawals of 4,850 rETH (approximately USD 8.5 million) and 9,579 stETH (approximately USD 15.6 million) in just two transactions. These tokens were quickly transferred to the attacker’s wallet at address 0x693b.

Then the wallet at address 0x693b converted the stolen stETH and rETH to ETH and transferred them to three different wallet addresses. It is very important to note that rETH and stETH are two important tokens in the liquid staking ecosystem, associated with Rocket Pool and Lido respectively. Further investigations on the DeBank portfolio revealed that the stETH assets in the wallet seized in the LIDO protocol dropped to almost zero. To determine the cause of the breach, investigators examined two transactions involving the whale wallet and found that the 0x4c10 wallet address was involved. This wallet was previously marked as “Fake_Phishing” by Etherscan.

How did the transfer happen?

Prior to the unauthorized transfer of $24 million worth of rETH and stETH, the whale wallet at 0x13e3 gave permission through the “increaseAllowance” method. This action inadvertently empowered the scammer to increase withdrawal limits for these tokens. Scam Sniffer has not only linked the 0x4c10 wallet to this event, but has also found links to multiple cryptocurrency scam websites in the past. The assessment tool rated the 0x4c10 wallet with a score of 100 “Severe”, indicating a high probability of malicious activity. Additionally, Scam Sniffer detected phishing URLs associated with this wallet.

In retrospect, it’s possible that the whale wallet owner accessed a cryptocurrency website with a phishing link. During the transaction signing process, they may have unknowingly fallen victim to the scammer, resulting in significant loss of stETH and rETH. However, the victim still has a balance of 16.3 million USD in their wallet.