AAPL 
MSFT 
GOOGL 
AMZN 
TSLA 
NVDA 
META 
JPM 
V 
JNJ 
UNH 
DIS 
NFLX 
After engaging with a malicious link created by phishing scammers, a significant crypto investor, often referred to as a “crypto whale,” lost millions in liquid staking derivatives, specifically Rocket Pool (rETH) and Lido staked Ethereum (stETH).
This incident, described by blockchain analytics provider Peckshield as a phishing attack, resulted in total losses estimated at $24 million in cryptocurrencies. The whale’s wallet was drained of 4,851 rETH valued at approximately $8.5 million and 9,579 stETH worth around $15.6 million.
Both rETH and stETH are types of liquid staking derivatives linked to Ethereum’s native token, Ether (ETH). On-chain data revealed that the theft occurred in two separate transactions, initiated after the whale inadvertently authorized access following a click on the phishing link.
Once the scammers gained access to the whale’s wallet, they transferred the stolen rETH and stETH tokens to an address misleadingly labeled “Fake_Phishing186943.” According to Peckshield, the stolen assets were subsequently swapped for 13,785 ETH and 1.6 million in DAI, a stablecoin by Maker. The scammer also distributed a portion of the DAI to various platforms, including a non-custodial exchange, and utilized a mixing service.
Phishing schemes in the cryptocurrency space often lure users by disguising malicious links as legitimate URLs, allowing scammers to authorize unauthorized transactions and withdrawals from victims’ wallets before funneling the stolen funds through mixers and anonymization tools.
The $24 million loss in ETH derivatives marks just one of many similar incidents reported in 2023. For instance, in March, another victim fell prey to a phishing scam, losing $3.8 million in Rocket Pool (RPL).
Phishing hackers have also targeted holders of non-fungible tokens (NFTs), users of popular wallets like MetaMask, social media accounts, and even entire blockchains. To combat these threats, some networks, like Terra, have even paused their websites to mitigate phishing attacks.
