
$10 Million in Stolen Ether Moved to Crypto Mixer in Aftermath of Phishing Attack

In a notable development within the cryptocurrency security landscape, a blockchain security firm, CertiK, reported on March 21 that an account implicated in a major phishing scam in September 2023 has recently transferred $10 million worth of Ether to Tornado Cash, a crypto-mixing protocol.

This account was part of a larger hack totaling $24 million, originating from an attack on a significant cryptocurrency investor, or “crypto whale,” on September 6, 2023.

The victim of this phishing attack lost a substantial amount of staked Ether (ETH) through the liquid staking provider Rocket Pool.

The attackers managed to siphon funds in two separate transactions, extracting 9,579 stETH and 4,851 rETH respectively.

According to Scam Sniffer, an anti-scam initiative, the breach occurred when the victim approved an “Increase Allowance” transaction, inadvertently granting the hackers permission to access their ERC-20 tokens via a token allowance mechanism—a feature that enables third parties to spend tokens on behalf of the token holder.
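As an added illustration (not code from this article or from any firm it cites), the Python example below decodes raw transaction calldata to show what an allowance grant such as the "Increase Allowance" call contains before it is signed, and flags unlimited amounts and unrecognised spenders. The function name, the flag labels and the sample spender address are assumptions made for the example.

```python
# Added example. Selectors are the first 4 bytes of keccak256(signature).
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
MAX_UINT256 = 2**256 - 1

# Constructed sample data: placeholder spender, not an address from the incident.
SAMPLE_SPENDER = "0x" + "11" * 20
SAMPLE_GRANT = "0x39509351" + "00" * 12 + "11" * 20 + "ff" * 32   # unlimited grant
SAMPLE_REVOKE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "00" * 32  # approve(spender, 0)


def inspect_calldata(calldata_hex, trusted_spenders=frozenset()):
    """Describe an ERC-20 allowance change, or return None for other calldata.

    trusted_spenders holds lowercase 0x-prefixed addresses the user recognises.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # 4-byte selector plus two 32-byte ABI words = 8 + 128 hex characters.
    if len(data) < 136 or data[:8] not in ALLOWANCE_SELECTORS:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    try:
        int(spender_word, 16)
        amount = int(amount_word, 16)
    except ValueError:
        return None  # arguments are not valid hex
    # An address occupies the low 20 bytes of its left-padded 32-byte word.
    spender = "0x" + spender_word[24:]
    function = ALLOWANCE_SELECTORS[data[:8]]
    flags = []
    if amount == 0 and function.startswith("approve"):
        flags.append("revocation")  # approve(spender, 0) clears the allowance
    elif amount > 0:
        if amount == MAX_UINT256:
            flags.append("unlimited")
        if spender not in trusted_spenders:
            flags.append("unknown-spender")
    return {"function": function, "spender": spender,
            "amount": amount, "flags": flags}


if __name__ == "__main__":
    for name, tx in (("grant", SAMPLE_GRANT), ("revoke", SAMPLE_REVOKE)):
        print(name, inspect_calldata(tx))
```

The revocation case is the same call a user makes when asked to withdraw permissions from a contract: `approve` with the spender's address and an amount of zero.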

The conversation around token allowances has been prominent within the cryptocurrency community, with many voicing concerns over the potential for misuse through the deployment of malicious smart contracts.

Further investigation by another blockchain security firm, PeckShield, revealed that the fraudsters converted their illicit gains into 13,785 ETH and 1.64 million Dai, dispersing a portion of these funds through the FixedFloat exchange and other digital wallets.

This incident underscores the persistent risk of phishing scams in the cryptocurrency domain, which continue to result in significant financial losses.

A recent report by Scam Sniffer highlighted that nearly $47 million was stolen through crypto phishing in February alone, with the majority of these incidents occurring on the Ethereum network and primarily involving ERC-20 tokens.

Moreover, token approvals emerged as a focal point of vulnerability once again on March 20, when an outdated contract from the Dolomite exchange was exploited to withdraw $1.8 million from unsuspecting users.

This incident prompted Dolomite’s developers to advise users to revoke any permissions granted to the compromised contract address.

While the cryptocurrency community has seen its share of successful security interventions, such as the Layerswap team’s quick response to a breach on March 20, preventing further losses after hackers had already extracted about $100,000 from 50 users, these episodes serve as a stark reminder of the ongoing challenges and risks associated with digital asset security.

