March 27, 2024
Latest Cryptocurrency News

$24M Crypto Hack, CertiK Flags Phishing Vulnerabilities

Blockchain security firm CertiK has identified a concerning development in the aftermath of a $24 million crypto hack, revealing that 3,700 ETH from the stolen funds have been transferred to Tornado Cash. The hack, which occurred on Sept. 6, 2023, targeted a crypto whale who lost significant holdings in a phishing incident.

Phishing Attack Unveiled

The victim, a crypto whale, suffered losses when their liquid staking provider Rocket Pool was compromised, resulting in the theft of 9,579 stETH and 4,851 rETH in two separate transactions. Anti-scam project Scam Sniffer highlighted that the victim inadvertently facilitated the theft by signing an “Increase Allowance” transaction, granting token approvals to the hacker.

Funds transferred to Tornado Cash by the hacker. Source: Etherscan

Ripple Effects in the Crypto Space

The incident sheds light on the vulnerability of token allowances within smart contracts, with experts warning about the potential for malicious exploitation. PeckShield, another blockchain security company, revealed that the attacker swiftly exchanged the stolen assets for 13,785 ETH and 1.64 million Dai, with a portion of the Dai ending up on the FixedFload exchange.

Rising Threat of Phishing Attacks

Phishing attacks continue to plague the crypto space, with Scam Sniffer’s recent report indicating nearly $47 million lost to such scams in February alone. Ethereum network remains a prime target, with ERC-20 tokens accounting for a significant portion of assets stolen.

In a separate incident on March 20, an old contract associated with the Dolomite exchange facilitated a loss of $1.8 million from users who had authorized approvals for the contract. The exchange urged users to revoke approvals promptly to mitigate further risks.

While some breaches result in substantial losses, swift intervention can prevent further damage, as demonstrated by the Layerswap team’s response to a breach of its website on the same day. Despite losing approximately $100,000 in assets from 50 users, Layerswap has committed to refunding affected users and providing additional compensation.

Image by fszalai from Pixabay

Related posts

Jeeves CEO Thazhmon Unveils Doha Expansion at Web Summit Qatar 2024

Eva Moore

Tether’s Tightens ToS in Singapore Bars Certain Corporate Entities: Cake DeFi Reacts

Cheryl  Lee

Korean Wholesale CBDC Pilot: A New Frontier in Digital Finance

Anna Garcia

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More