$10 Million in Crypto Assets Moved to Tornado Cash Following Major Phishing Attack
Mar 22, 2024
A cryptocurrency "whale" lost significant financial assets in 2023 through a sophisticated phishing attack, where the victim unknowingly authorized transactions that granted the attacker access to their digital assets.
The compromised account involved in the September 2023 phishing incident has now transferred $10 million worth of Ether to Tornado Cash, a cryptocurrency mixing service designed to obscure transaction trails.
On March 21, blockchain security firm CertiK identified that an account connected to the $24 million hack had moved 3,700 ETH to Tornado Cash. These funds were originally stolen from the cryptocurrency whale during the September 6, 2023 phishing incident.
Attack Details and Asset Movement
The initial attack occurred in two distinct phases targeting assets on the Rocket Pool liquid staking service. The first phase resulted in the theft of 9,579 stETH, while the second phase saw 4,851 rETH being extracted from the victim's wallet.
Security project Scam Sniffer revealed that the victim had authorized an "Increase Allowance" transaction, which gave the attacker permission to transfer the victim's tokens for their own benefit. This ERC-20 allowance mechanism permits a third party to spend tokens belonging to someone else once the owner has granted authorization.
Token approval vulnerabilities have become a significant topic of discussion within the blockchain security community, with security experts highlighting the potential dangers of malicious smart contract implementations exploiting these permission systems.
Fund Tracing and Conversion
Blockchain security firm PeckShield documented that the attacker converted the stolen assets into 13,785 ETH and 1.64 million DAI stablecoins. A portion of these DAI tokens was subsequently transferred to the FixedFloat exchange, while the remaining stolen funds were distributed across multiple wallets to complicate tracking efforts.
Industry-Wide Phishing Threats
Phishing attacks continue to pose a significant threat to digital asset security across the cryptocurrency ecosystem. According to a recent report from Scam Sniffer, nearly $47 million was lost to phishing-related scams in February alone.
The report highlighted that 78% of these theft incidents occurred on the Ethereum network, with ERC-20 tokens representing 86% of all misappropriated funds.
Recent Contract Exploitation Incidents
Token approval vulnerabilities have recently led to other significant losses. On March 20, an outdated contract previously utilized by the Dolomite exchange was exploited, resulting in $1.8 million being drained from users who had previously authorized the contract.
Following this incident, Dolomite's development team urgently advised users to revoke all permissions granted to the deprecated contract address to prevent further losses.
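The allowance grant described under "Attack Details and Asset Movement" and the revocation Dolomite advised can both be recognized from raw transaction calldata before signing. The following is an added example, not code from Scam Sniffer, Dolomite, or any wallet; the review policy, the trusted-spender list, and the sample address are constructed assumptions, and `increaseAllowance` is a widely implemented extension rather than part of the core ERC-20 interface.

```python
# Added example: check ERC-20 allowance calldata before signing.
# Selectors are the first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
MAX_UINT256 = 2**256 - 1  # the usual "unlimited" allowance value
HEX = set("0123456789abcdef")


def _hex(s):
    s = s.lower()
    return s[2:] if s.startswith("0x") else s


def decode_allowance_call(calldata):
    """Return (function, spender, amount), or None if not an allowance call."""
    data = _hex(calldata)
    selector, args = data[:8], data[8:]
    # Two 32-byte ABI words: the spender address and the uint256 amount.
    if selector not in SELECTORS or len(args) != 128 or not set(args) <= HEX:
        return None
    # An address sits right-aligned in its word; the top 12 bytes must be 0.
    if args[:24] != "0" * 24:
        return None
    return SELECTORS[selector], "0x" + args[24:64], int(args[64:], 16)


def review(calldata, trusted_spenders, balance):
    """Classify a pending transaction (assumed policy; spenders in lowercase)."""
    call = decode_allowance_call(calldata)
    if call is None:
        return "not an allowance call"
    function, spender, amount = call
    if function == "approve" and amount == 0:
        return "revoke"
    if spender not in trusted_spenders:
        return "block: unknown spender"
    if amount > balance:  # also catches MAX_UINT256
        return "warn: allowance exceeds balance"
    return "ok"


def build_revoke(spender):
    """Calldata for approve(spender, 0), which clears an existing allowance."""
    return "0x095ea7b3" + _hex(spender).rjust(64, "0") + "0" * 64


# Constructed sample: unlimited increaseAllowance to a placeholder spender.
SAMPLE_SPENDER = "0x" + "11" * 20
SAMPLE_CALLDATA = "0x39509351" + "0" * 24 + "11" * 20 + "f" * 64
```

Sending the `build_revoke` calldata to the token contract sets the named spender's allowance to zero, which is the per-token action a revoke advisory asks users to take.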
Security Response Effectiveness
While some cryptocurrency theft attempts result in substantial losses, effective security responses can limit damage. On March 20, the Layerswap team successfully contained a website compromise thanks to rapid response from their domain provider.
Despite the quick intervention, attackers still managed to extract approximately $100,000 from around 50 users. Layerswap has committed to reimbursing affected users and providing additional compensation for the inconvenience caused.
These security incidents underscore the persistent risk of phishing attacks in the digital asset space and highlight the critical importance of security awareness. The exploitation of token approval mechanisms and smart contract vulnerabilities demonstrates the need for enhanced user education and security practices to safeguard cryptocurrency holdings.
As attackers deploy increasingly sophisticated methods, cryptocurrency holders must maintain vigilance when authorizing transactions and approving smart contract interactions. The continued collaboration between security firms, platforms, and the broader community remains essential in developing more robust protective measures against these evolving threats.