Hacker Transfers $10M from 2023 Phishing Incident to Tornado Cash

coinnounce.com 21 March 2024 13:19, UTC

An account linked to a phishing attack in September 2023 has moved $10 million in Ether to the crypto-mixing protocol Tornado Cash. This incident stems from a hacking event where a crypto whale lost $24 million in staked ETH on the liquid staking provider Rocket Pool. The hacker managed to access the funds by tricking the victim into signing transactions that allowed the attacker to drain the crypto whale's assets.

Phishing Attack Details

The phishing attack involved the victim unknowingly signing an "Increase Allowance" transaction, which gave the hacker approval to spend ERC-20 tokens belonging to the victim. This attack method underscores the importance of caution when interacting with smart contracts and token approvals in the crypto space.
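The check a wallet or signing policy can run on that kind of request, as an added example that is not from the original article: it decodes raw calldata and flags `approve` and `increaseAllowance` calls before they are signed. The spender allowlist, the "unlimited" threshold and the sample inputs are assumptions constructed for illustration.

```python
# Added example: inspect ERC-20 calldata for allowance grants before signing.
# A selector is the first 4 bytes of keccak256 of the function signature.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UINT256_MAX = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255  # assumption: amounts this large count as unlimited


def inspect_calldata(calldata_hex, trusted_spenders=()):
    """Describe an allowance grant, or return None for any other call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in ALLOWANCE_SELECTORS:
        return None
    if len(args) < 128:
        raise ValueError("truncated calldata: expected two 32-byte arguments")
    spender = "0x" + args[24:64]    # address = low 20 bytes of the first word
    amount = int(args[64:128], 16)  # uint256 = the whole second word
    warnings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender is not on the allowlist")
    if amount >= UNLIMITED_THRESHOLD:
        warnings.append("amount is effectively unlimited")
    return {"function": ALLOWANCE_SELECTORS[selector], "spender": spender,
            "amount": amount, "warnings": warnings}


def _word(value):
    """ABI-encode an integer as one 32-byte hex word."""
    return format(value, "064x")


# Constructed sample inputs (not taken from the incident).
SAMPLE_SPENDER = "0x" + "11" * 20
SAMPLE_INCREASE = "0x39509351" + _word(int(SAMPLE_SPENDER, 16)) + _word(UINT256_MAX)
SAMPLE_TRANSFER = "0xa9059cbb" + _word(int(SAMPLE_SPENDER, 16)) + _word(1000)

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE_INCREASE))
    print(inspect_calldata(SAMPLE_INCREASE, trusted_spenders=[SAMPLE_SPENDER]))
    print(inspect_calldata(SAMPLE_TRANSFER))
```
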

Hacker's Movements

After the initial theft, the hacker swapped the stolen assets for 13,785 ETH and 1.64 million Dai. Some of the Dai was transferred to the FixedFloat exchange, while the majority of the stolen funds were moved into other wallets, making tracking and recovery challenging.

Rising Phishing Concerns

Phishing attacks remain a significant concern in the crypto space, with the latest data showing that almost $47 million was lost to such scams in February alone. The Ethereum network accounts for 78% of these thefts, with ERC-20 tokens comprising 86% of all stolen assets.

#CertiKInsight 🚨

We are seeing a deposit of 3700 ETH, which is worth over $10M, into Tornado Cash by EOA 0x8cFDAD729de89f09A188312839A0EC3b1522E107 on Ethereum.

The fund traces to a major phishing incident back in September 2023 where $24M (at the time) worth of assets were…

— CertiK Alert (@CertiKAlert) March 21, 2024

Recent Exploits and Responses

Token approvals have also been exploited recently, with an old contract used by the Dolomite exchange leading to a loss of $1.8 million for users who had authorized approvals for the contract. Dolomite's development team urged users to revoke approvals given to the old contract address to prevent further losses.

While some attacks result in substantial losses, quick intervention can prevent further damage. The Layerswap team, for example, prevented further losses after a breach of its website, although hackers still managed to drain about $100,000 in assets from 50 users. Layerswap has committed to refunding the affected users and providing additional compensation for the inconvenience caused.
