Crypto has its downside: the worry of losing all your funds, even in an investment that seems promising. This concern became evident when a dedicated user recently fell victim to a staking exploit and lost $7 million in Ethereum (ETH).
Notwithstanding, reports have made the rounds that, in a wild turn of events, the funds have been recovered. This incident has left a staggering mark on the potential risks involved in crypto endeavours and also portrays the positive outlook that surfaces with time in the crypto space.
Details surrounding this specific outcome remain vague and rumoured. Reports suggest that it involved re-staking funds, a situation that seasoned hackers could exploit to steal funds.
In cryptocurrency staking, users lock their assets in support of a blockchain and its networks and are rewarded in return. Unfortunately, there is room for vulnerability, which leads to fund loss in this process.
The recent loss of $7 million clearly explains the need to do due diligence and thoroughly research any cryptocurrency staking before proceeding.
Scam sniffer also noted that the victim is said to have recouped 80% of the stolen funds after the scammers kept a bounty of 20%.
✨⏳looks like the victim recovered 80% (1445 ETH) of stolen funds by paying a 20% (362 ETH) bounty. https://t.co/lv8dhYgwOb pic.twitter.com/jcXUynyCJV
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 27, 2024
The analyst also claims that the address of the wallet involved in this breach suffered a permit phishing attack.
This means a malicious actor generated an authentic off-chain authorization signature for the designated recipient, and there was a transfer of ERC-20 tokens from a wallet they didn't own.
In another report, SlowMist lent a voice to the attack. It said the attack was made executable because of an overlooked feature in the Ethereum network introduced through EIP-2612.
It said the EIP-2612 enables smooth user interaction with the smart contract without any requirement for prior authorization due to the addition of an authorization network. The permit function can be executed on any account, irrespective of its ownership.
In the call for security, SlowMist informed owners that if they have previously compromised their wallet signatures on phishing websites, their account can execute the function even if they did not approve any such transactions. Thus, scammers could obtain the permit and exploit their tokens from their wallets.
They suggested that to guard against attacks, "it is recommended to periodically use authorization tools like RevokeCash (https://revoke.cash) to identify any abnormal authorizations.
For Uniswap Permit 2, the authorization management tool at https://app.scamsniffer.io/permit2 can be utilised for verification. If any irregular authorisations are detected, it is crucial to promptly revoke them."
Hackers have attempted to refund hacked victims before, and a recent incident involving a crypto hacker trying to return $71 million in stolen WBTC left analysts puzzled about the motive.
Conclusion
The news of this recovery of $7 million in Ethereum adds a bright light to the crypto space. It serves as a pointer to others in the community about the need to double-check their investment options and also as a warning of falling into phishing websites.
Reports by bodies like the Cointelegraph have suggested that scams have been on the increase in recent days, up to 53% within the last year. Users are expected to stay alert and watch out.