On-chain data reveals that an altcoin whale named “0x13e382” was liquidated to phishing scammers on Sept. 6, with 4,851 rETH (worth $8.58M) and $9,579 stETH (worth $15.63M) liquid stakes of $24.23M. It shows that Ethereum is losing. Web3 security firm Scam Sniffer has revealed that the whale unwittingly gave token approval to scammers by signing “increaseAllowance” transactions. The firm described the theft as possibly the “largest amount stolen from a single victim”. The stolen funds initially arrived at two addresses, 0x693b72 and 0x4c10a4. However, scammers move some of these assets to the Fixed Float exchange, while the rest are located at three other addresses. Here are the details…
Altcoin whale’s wallet drops to zero
On September 7, 2023, a whale wallet with address 0x13e3 was hacked, resulting in the theft of approximately 24.23 million USD worth of stETH and rETH tokens. Initial investigations suggest that the incident may have been facilitated when the wallet owner clicked on a phishing link. According to reports from Scam Sniffer, the wallet with address 0x13e3 experienced unauthorized withdrawals of 4,850 rETH (approximately 8.5 million USD) and 9,579 stETH (approximately 15.6 million USD) in just two transactions. These tokens were quickly transferred to the attacker’s wallet at 0x693b.
this may be the largest amount ever stolen from a single victim. https://t.co/xwSASQOUis
— Scam Sniffer (@realScamSniffer) September 7, 2023
Then the wallet at address 0x693b converted the stolen stETH and rETH to ETH and transferred them to three different wallet addresses. It is very important to note that rETH and stETH are two important tokens in the liquid staking ecosystem, associated with Rocket Pool and Lido respectively. Further investigations on the DeBank portfolio revealed that the stETH assets in the wallet seized in the LIDO protocol dropped to almost zero. To determine the cause of the breach, investigators examined two transactions involving the whale wallet and found that the 0x4c10 wallet address was involved. This wallet was previously marked as “Fake_Phishing” by Etherscan.
How did the transfer take place?
Prior to the unauthorized transfer of $24 million worth of rETH and stETH, the whale wallet at 0x13e3 gave permission through the “increaseAllowance” method. This action inadvertently empowered the scammer to increase withdrawal limits for these tokens. Scam Sniffer has not only linked the 0x4c10 wallet to this event, but has also found links to multiple cryptocurrency scam websites in the past. The assessment tool rated the 0x4c10 wallet with a score of 100 “Severe”, indicating a high probability of malicious activity. Additionally, Scam Sniffer detected phishing URLs associated with this wallet.
In retrospect, it’s possible that the whale wallet owner accessed a cryptocurrency website with a phishing link. During the transaction signing process, they may have unknowingly fallen victim to the scammer, resulting in significant loss of stETH and rETH. However, the victim still has a balance of 16.3 million USD in their wallet.
