A crypto whale fell victim to a phishing scam, losing $24 million in Rocket Pool Ether (rETH) and Lido staked Ether (stETH) on Sept. 7.
A wallet tied to at least $24 million in stolen cryptocurrencies deposited 600 Ether (ETH) worth an estimated $936,000 into Tornado Cash, an Ethereum-based privacy tool sanctioned by the US Treasury Department.
The address received 2000 ETH tokens from a wallet labeled “FakePhishing186943” on block explorer Etherscan. FakePhishing186943 seems to be the recipient of proceeds from multiple phishing campaigns.
On Sep. 7, a crypto whale fell victim to one of these malicious attacks masterminded by phishers. The whale, crypto’s term for addresses with large amounts of digital assets, lost $24 million in liquid staking derivatives after clicking a fake link, according to on-chain analytics provider CertiK.
#CertiKSkynetAlert🚨We have seen a movement of funds into @TornadoCash from eoa 0x71C8 who has deposited 600 ETH (~$970K) out of 2000 ETH received from "FakePhishing186943".The phisher stole $24M worth of assets from a crypto whale on Sept 6th.https://t.co/ZuYu2x9Zse
— CertiK Alert (@CertiKAlert) September 11, 2023
As a result, the scammer gained transaction authorization and stole 9,579 Lido staked Ether (stETH) worth $15.6 million at the time.
The culprit also drained 4,851 in Rocket Pool Ether (rETH) valued at $8.5 million from the whale’s coffers. According to Etherscan, the theft happened in two transactions, and “FakePhishing186943” received the looted assets.
You might also like: Crypto whale losses over $24m in phishing scam
The deposit into Tornado Cash, a protocol that allows users to obscure their transactions, is likely an attempt to throw off would-be crypto trackers and law enforcement by tapping a decentralized privacy tool.
This potentially makes it harder to track where assets came from. The tool’s privacy features reportedly stirred concerns with the US Treasury Department, and sanctions on Tornado Cash were eventually placed in August 2022.
Indeed, the Treasury’s Office of Foreign Assets Control (OFAC) claimed North Korean hackers and other bad actors leveraged Tornado Cash for billions in money laundering.
A trio of developers and co-founders were also accused of conspiracy and evasion of sanctions due to their contribution to Tornado Cash.
Roman Storm, one of the three devs, pleaded not guilty to criminal charges on Sep. 6. The court confiscated his Russian passport and issued a $2 million bail.
Another fellow developer, Alexey Pertsev, accused of money laundering, spent nine months in Dutch detention before his release in April 2023.
Read more: Tornado Cash developer Alex Pertsev to be released from jail
