Cryptocurrency Whale Loses $24 Million in Phishing Scam: What You Need to Know
Theft of $24 Million in Cryptocurrency by Phishing Scam
A cryptocurrency whale recently fell victim to a phishing scam, resulting in the loss of $24 million in Rocket Pool Ether (rETH) and Lido staking Ether (stETH) on September 7.
Stolen Cryptocurrencies Deposited into Tornado Cash
A wallet containing at least $24 million in stolen cryptocurrencies deposited 600 Ethereum (ETH) into Tornado Cash, an Ethereum-based privacy tool licensed by the US Treasury. This deposit is estimated to be worth around $936,000.
Proceeds from Phishing Campaigns
The wallet that made the deposit received 2,000 ETH tokens from a wallet named “FakePhishing186943” on the Etherscan block explorer. It appears that FakePhishing186943 has received proceeds from multiple phishing campaigns.
Phishing Attack on Cryptocurrency Whale
A crypto whale, holding a large amount of digital assets, lost $24 million in liquid mortgage derivatives after falling victim to a malicious phishing attack. The attack involved the whale clicking on a fake link, leading to the loss of their assets.
Scammer’s Unauthorized Transaction
As a result of the phishing attack, the scammer gained authorization for the transaction and stole 9,579 Ethereum (stETH), valued at $15.6 million at the time.
Theft from the Whale’s Vaults
In addition to the stolen stETH, the perpetrator drained 4,851 Rocket Pool Ether (rETH), worth $8.5 million, from the whale’s vaults. The theft occurred in two operations, and the looted assets were received by the wallet “FakePhishing186943”.
Depositing into Tornado Cash for Privacy
The deposit into Tornado Cash, a protocol that allows users to hide their transactions, was likely an attempt to evade cryptocurrency trackers and law enforcement. By utilizing this decentralized privacy tool, it becomes challenging to trace the source of the stolen assets.
Concerns and Sanctions
Tornado Cash’s privacy features raised concerns with the US Treasury Department, resulting in its sanctioning in August 2022. The Office of Foreign Assets Control (OFAC) of the Treasury Department claimed that Tornado Cash was used by North Korean hackers and other bad actors for money laundering worth billions.
Legal Actions and Developers
Three developers and co-founders of Tornado Cash were charged with conspiracy and evasion of sanctions. Roman Storm, one of the developers, pleaded not guilty to criminal charges, had his Russian passport confiscated, and was issued a $2 million bail. Another developer, Alexei Burtsev, accused of money laundering, spent nine months in Dutch detention before being released in April 2023.