600 Ether from phishing exploit deposited into Tornado Cash
A crypto whale fell victim to a phishing scam, losing $24 million in Rocket Pool Ether (rETH) and Lido staked Ether (stETH) on Sept. 7.
A wallet tied to at least $24 million in stolen cryptocurrencies deposited 600 Ether (ETH) worth an estimated $936,000 into Tornado Cash, an Ethereum-based privacy tool sanctioned by the US Treasury Department.
The address received 2000 ETH tokens from a wallet labeled “FakePhishing186943” on block explorer Etherscan. FakePhishing186943 seems to be the recipient of proceeds from multiple phishing campaigns.
On Sep. 7, a crypto whale fell victim to one of these malicious attacks masterminded by phishers. The whale, crypto’s term for addresses with large amounts of digital assets, lost $24 million in liquid staking derivatives after clicking a fake link, according to on-chain analytics provider CertiK.
As a result, the scammer gained transaction authorization and stole 9,579 Lido staked Ether (stETH) worth $15.6 million at the time.
The culprit also drained 4,851 in Rocket Pool Ether (rETH) valued at $8.5 million from the whale’s coffers. According to Etherscan, the theft happened in two transactions, and “FakePhishing186943” received the looted assets.
The deposit into Tornado Cash, a protocol that allows users to obscure their transactions, is likely an attempt to throw off would-be crypto trackers and law enforcement by tapping a decentralized privacy tool.
This potentially makes it harder to track where assets came from. The tool’s privacy features reportedly stirred concerns with the US Treasury Department, and sanctions on Tornado Cash were eventually placed in August 2022.
Indeed, the Treasury’s Office of Foreign Assets Control (OFAC) claimed North Korean hackers and other bad actors leveraged Tornado Cash for billions in money laundering.
A trio of developers and co-founders were also accused of conspiracy and evasion of sanctions due to their contribution to Tornado Cash.
Roman Storm, one of the three devs, pleaded not guilty to criminal charges on Sep. 6. The court confiscated his Russian passport and issued a $2 million bail.
Another fellow developer, Alexey Pertsev, accused of money laundering, spent nine months in Dutch detention before his release in April 2023.