A hacker has transferred $10 million from a 2023 phishing incident to Tornado Cash

 

A hacker has transferred $10 million from a 2023 phishing incident to Tornado Cash. The funds were originally taken from a cryptocurrency whale in 2023 when the holder authorized transactions, allowing the attacker to access the funds.

On March 21, blockchain security firm CertiK identified an account associated with the $24 million hack that transferred 3,700 ETH to Tornado Cash. The funds were initially acquired from a crypto whale during a phishing incident on September 6, 2023.

During the attack, the investor lost $24 million in staked ETH on the liquid staking provider Rocket Pool. The hack occurred through two transactions, where 9,579 stETH and 4,851 rETH were drained from the crypto whale.

According to Scam Sniffer, an anti-scam project, the victim inadvertently signed an “Increase Allowance” transaction, granting token approvals to the hacker. Token allowances are a smart contract feature that lets a third party spend ERC-20 tokens belonging to someone else once the owner has granted approval.
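The following Python check is an added example, not code from the article or from any project it names. It decodes transaction calldata before signing and flags calls that grant a token allowance. The function names, the placeholder spender address and the amounts are constructed for illustration; the two selectors are the standard 4-byte values for ERC-20 `approve` and the widely used `increaseAllowance` extension.

```python
# Added example: flag allowance-granting calls in transaction calldata before signing.
# 4-byte selectors for ERC-20 approve and the common increaseAllowance extension.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UINT256_MAX = 2**256 - 1


def inspect_calldata(data_hex, balance=None):
    """Return details of an allowance grant, or None if the call grants none."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    method = SELECTORS.get(data[:8])
    if method is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated calldata: need two 32-byte arguments")
    # ABI encoding: the 20-byte address is right-aligned in the first word.
    if int(args[:24], 16) != 0:
        raise ValueError("non-zero padding in spender word")
    spender = "0x" + args[24:64]
    # For increaseAllowance this is the amount added to the existing allowance.
    amount = int(args[64:128], 16)
    warnings = []
    if amount == UINT256_MAX:
        warnings.append("unlimited allowance")
    elif balance is not None and amount >= balance:
        warnings.append("allowance covers entire balance")
    return {"method": method, "spender": spender, "amount": amount,
            "warnings": warnings}


def word(n):
    """Encode an integer as one 32-byte ABI word (hex)."""
    return format(n, "064x")


# Constructed sample data: placeholder spender and an 18-decimal token amount.
SPENDER = "0x" + "ab" * 20
BALANCE = 5000 * 10**18
SAMPLE = "0x39509351" + word(int(SPENDER, 16)) + word(BALANCE)

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE, balance=BALANCE))
```

A wallet or signing proxy can run this kind of check on every outgoing transaction and require explicit confirmation whenever the result is not `None`.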

The exploitation of token allowances has raised concerns within the crypto community, with warnings issued about the potential deployment of malicious smart contracts for scams.

Blockchain security company PeckShield reported that the attacker exchanged the assets for 13,785 ETH and 1.64 million Dai. Some of the Dai was transferred to the FixedFloat exchange, while the majority of the stolen funds were relocated to other wallets.

Phishing attacks remain a significant issue in the crypto space. Scam Sniffer’s crypto phishing report revealed that nearly $47 million was lost to crypto phishing scams in February alone. The report highlighted that 78% of the thefts occurred on the Ethereum network, with ERC-20 tokens comprising 86% of the stolen assets.

Token approvals have also resulted in recent losses for crypto users. On March 20, an outdated contract previously utilized by the Dolomite exchange was exploited, resulting in the draining of $1.8 million from users.

Affected users had authorized approvals for the contract, prompting Dolomite’s development team to advise users to revoke approvals granted to the outdated contract address.

While some attacks have resulted in significant losses, prompt action has thwarted others. On March 20, the Layerswap team prevented further damage following a breach of its website, with intervention from its domain provider.

Nevertheless, hackers managed to drain approximately $100,000 in assets from 50 users. The protocol has committed to refunding affected users and providing additional compensation to mitigate any inconvenience caused.
