Phishing Incident: Hacker Transfers $10M to Tornado Cash
In September 2023, an account involved in a phishing attack transferred $10 million worth of Ether to the crypto-mixing protocol Tornado Cash. This account was linked to a previous hack in which $24 million was stolen and transferred to Tornado Cash on March 21. The funds were originally taken from a crypto whale during a phishing incident, resulting in the loss of $24 million in staked ETH on Rocket Pool. The hack took place in two transactions, with one taking 9,579 stETH and the other draining 4,851 rETH from the victim.
According to Scam Sniffer, the victim unknowingly signed an “Increase Allowance” transaction, which allowed the hacker to gain access to their ERC-20 tokens. This feature of smart contracts enables third parties to spend tokens with the owner’s approval, which has raised concerns about potential scams within the crypto space. PeckShield, a blockchain security company, detected that the attacker swapped the stolen assets for 13,785 ETH and 1.64 million Dai. Some of the Dai was transferred to the FixedFloat exchange, while most of the funds were moved to other wallets.
Phishing attacks remain a significant issue in the crypto space, with nearly $47 million lost to these scams in February alone, according to Scam Sniffer’s report. The report revealed that 78% of the thefts occurred on the Ethereum network, and ERC-20 tokens accounted for 86% of all stolen assets. Token approvals have also caused recent losses, as demonstrated by the $1.8 million drained from users through an old contract used by the Dolomite exchange on March 20. Users who had authorized approvals for the contract were affected, leading Dolomite’s development team to advise users to revoke their approvals.
While some attacks result in substantial losses, there are instances where quick intervention prevents further damage. On March 20, the Layerswap team managed to prevent additional breaches of its website after intervention from its domain provider. The hackers still managed to drain approximately $100,000 in assets from 50 users. In response, Layerswap has committed to refund the affected users and provide compensation for the inconvenience caused.
9 thoughts on “Phishing Incident: Hacker Transfers $10M to Tornado Cash”
Leave a Reply
You must be logged in to post a comment.
Seriously, how does someone fall for a phishing attack not once, but twice? It’s just negligence at this point.
This is why we always need to be skeptical and double-check everything in the crypto space. Stay informed and don’t fall for phishing attempts!
The loss of $1.8 million through an old contract used by Dolomite is a stark reminder that even established platforms are vulnerable. Let’s always stay cautious!
I can’t believe how much money was lost in just two transactions. It’s mind-boggling!
I hope that Scam Sniffer’s report raises awareness about the dangers of phishing attacks and encourages more people to secure their crypto assets.
Wow, these phishing attacks are getting out of hand! We need better security measures in place to protect our assets.
This is why I stick to traditional forms of banking. Crypto just seems too risky for me. 💸
Kudos to the Layerswap team for their quick intervention! 👏 They’re setting a great example by taking responsibility and compensating the affected users. 💪
The fact that these scams are so prevalent is really concerning. Authorities need to crack down on these hackers.