Scammers Used ‘Sophisticated Social Engineering’ Tricks To Target Crypto Whale In $24M Hack

Hackers reportedly stole an eye-watering $24 million worth of crypto from a prominent investor, known as a “whale”, in a major security incident last week. Analysis of the Sept. 6 attack shows that the victim was likely targeted through a “phishing” scam that enabled the attacker to access their Ethereum wallet.

The stolen assets were “liquid staking derivatives”, which are tokens issued to investors who stake Ethereum on certain DeFi protocols. Reports suggest that the attackers swiped 4,851 Rocket Pool ETH (rETH), worth $8.5 million, and 9,579 Lido Staked ETH (stETH), valued at $15.6 million.

The unidentified investor is considered to be a “crypto whale” because they hold such sizable assets that they are able to influence market prices single-handedly. The security firms BlockSec and Beosin later said their analysis of the incident shows that the investor was probably targeted using phishing tactics and unwittingly enabled the attacker to authorize transactions from their wallet.

Once the attacker gained access, they drained the victim’s wallet swiftly, in an incident that shows how phishing scammers are becoming increasingly professional and sophisticated.

The unfortunate incident serves as a reminder of the unique dangers faced by crypto investors. While the decentralization of crypto is empowering, as it gives individuals more financial autonomy, it can also be a double-edged sword, as transactions are irreversible, meaning the individual is entirely responsible for their own security. In addition, decentralization means cyber criminals often remain untraceable.

“A sophisticated attack”

Most crypto users are aware of the risks, so the attack raises questions about how such a prominent investor, who is almost certainly well-versed in phishing scams and security best practices, was able to fall victim to one. It could well be that the whale in question simply let his or her guard down, or was somehow swayed by emotions, said Brandon Brown, CEO and co-founder of the personal wallet protection startup FairSide.

“It’s human nature to occasionally let our guard down, especially in a space as dynamic as crypto,” Brown said. “Whether it’s a momentary lapse in judgment, a simple oversight, or a six-month-long social engineering attack, one wrong click can have devastating consequences. In such a high-stakes environment, even the most experienced can falter.”

According to FairSide, scammers have become incredibly successful at using psychology to exploit human behavior and capitalize on moments of vulnerability. They rely on feelings of FOMO, urgency, emotional manipulation and abnormal situations, Brown said.

“We suspect this was a sophisticated social engineering attack,” the CEO stated. “While the victim likely took fundamental precautions such as using a hardware wallet and verifying URLs, they might not have thwarted this particular scam due to its sophistication.”

Although it is difficult for law enforcement to trace crypto hackers and recover stolen funds, there is some hope for the victim of this particular incident, given its high-profile nature. Blockchain might be essentially anonymous, but it is also transparent, with all transactions recorded publicly. Sometimes it can be possible to link individuals to specific wallet addresses and identify the culprits of such incidents.

Brown said there is a slight chance that the stolen funds might one day be recovered, even if it takes years. “Blockchain detectives like ZachXBT and Coffeezilla can be hired to assist in tracking down scammers, which has sometimes led to criminal charges and fund recovery,” he pointed out. “However, generally speaking, getting accountability and recovering lost funds in cryptocurrency is extremely difficult.”

The chances of recovering the funds likely depend on the professionalism of the hacker, and unfortunately for the victim, the hacker seems to know what they’re doing. The stolen funds were initially deposited in two Ethereum wallet addresses: “0x693b72” and “0x4c10a4”, the latter of which has been linked to multiple phishing domains. From those wallets, the bulk of the funds were transferred to the Fixed Float exchange and then distributed to various other exchanges and crypto services.

It’s not clear if the victim of this attack had taken any precautions against such an enormous loss. Crypto insurance is a relatively new concept with very few providers that cater to the industry. FairSide’s standard policy covers a maximum of 100 ETH per wallet, but can also provide customized services for crypto whales.

Source: https://coincodex.com/article/32341/scammers-used-sophisticated-social-engineering-tricks-to-target-crypto-whale-in-24m-hack/