📰Yello Paradisers!
Here is some breaking news for you. A high-profile crypto investor has been swindled out of $24 million in staked Ethereum, with the funds being staked through the Rocket Pool platform.
📰 Details of the Attack
The attacker managed to steal the funds in just two transactions, compromising 9,579 stETH and 4,851 rETH. These stolen assets were valued at $15.5 million and $8.5 million, respectively, at the time of the attack on September 6.
📰 Aftermath
According to PeckShield, a cybersecurity firm, the attacker converted the stolen assets into 13,785 Ether tokens. A large chunk of these tokens has already been moved to the FixedFloat cryptocurrency exchange.
📰 Tracking the Funds
MistTrack, a specialized crypto tracking team, has reported that the majority of the remaining stolen assets have been transferred to three distinct addresses.
📰 Security Risks
The victim had previously enabled token approvals for the scammer by signing transactions that increased allowances, a feature inherent to ERC-20 tokens that has been identified as a security risk.
This event occurs in the backdrop of multiple Ethereum liquid staking providers, including Rocket Pool, initiating measures to limit their ownership to no more than 22% of the Ethereum staking market.
📰 Final Thoughts
This alarming incident underscores the inherent risks in staking and token approvals, particularly in the rapidly evolving landscape of liquid staking.
📰ParadiseTeam 🌴