Apple recently released security updates to neutralize two zero-day exploits. These vulnerabilities were part of an exploit chain designed to deliver NSO Group’s malware, known as Pegasus, and targeted a member of a civil society organization in Washington, D.C. Slowmist has issued an urgent warning in this context, advising crypto professionals to promptly update their Apple products to mitigate potential risks.
The vulnerabilities were discovered by Citizen Lab, an internet watchdog group, which then reported them to Apple. In response, the tech giant issued a patch to address these security loopholes. These vulnerabilities were particularly concerning as PassKit attachments containing malicious images were delivered through messages, requiring no interaction from the victim to compromise the device.
This Apple incident comes on the heels of another significant cybersecurity event that jolted the cryptocurrency community. On September 6, a phishing attack led to a staggering loss of $24.23 million for a prominent investor in the crypto space. Identified by the Ethereum address “0x13e382”, this investor, often referred to as a “crypto whale”, had significant holdings in Lido Staked ETH (stETH) and Rocket Pool ETH (rETH).
Security firm PeckShield was among the first to report the incident, via a Twitter thread:
#PeckShieldAlert A whale fell victim to a #phishing attack, losing $24.24M worth of cryptos, including ~4,851 $rETH and 9,579.2 $stETH.
The phisher has already swapped these $rETH and $stETH for ~13,785 $ETH and 1.64M $DAI.
A portion of the $DAI (~451K $DAI) has already been… pic.twitter.com/3jPTJWeqw4
— PeckShieldAlert (@PeckShieldAlert) September 7, 2023
The attacker executed the theft with remarkable precision, carrying it out in two separate transactions. The first transaction involved 9,579 stETH, and the second comprised 4,851 rETH. At the time of the theft, these assets were valued at $15.63 million and $8.58 million, respectively. The stolen assets were then converted into 13,785 ETH and 1.64 million Dai. A significant portion of the Dai was transferred to the cryptocurrency exchange FixedFloat.
Web3 security firm Scam Sniffer disclosed that the investor had unintentionally granted token permissions to the fraudsters. These permissions were granted through “Increase Allowance” transactions, a feature of ERC-20 tokens that enables third parties to spend tokens via smart contracts. The stolen funds were partly transferred to FixedFloat, while the remainder was dispersed across three other addresses:
- https://etherscan.io/address/0x4f2f02ee2f86e9ee8e674c1e8b2837181d12f322
- https://etherscan.io/address/0x7023505ed4b696d174969aa318fbe47b98787e49
- https://etherscan.io/address/0x2abdc2ab2b7e46e0c6bb4e7c816ef64485f4f7ad
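The allowance grants described above can be recognized in a transaction's calldata before it is signed. The following is an added example, not code from Scam Sniffer or any wallet: it decodes `approve` and `increaseAllowance` calls from their standard 4-byte selectors. The function names, the trusted-spender set and the sample calldata are constructed for illustration.

```python
# Added example: flag ERC-20 allowance grants in raw transaction calldata.
# A selector is the first 4 bytes of keccak256 of the function signature.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UNLIMITED = 2**256 - 1  # the "infinite approval" value


def decode_allowance_call(calldata_hex):
    """Return details of an allowance grant, or None if the calldata is not one."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # 4-byte selector plus two 32-byte ABI words is 68 bytes (136 hex chars).
    if len(data) < 136 or data[:8] not in ALLOWANCE_SELECTORS:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    try:
        amount = int(amount_word, 16)
        int(spender_word, 16)
    except ValueError:
        return None  # not valid hex
    # An address is 20 bytes, left-padded with 12 zero bytes in its ABI word.
    if spender_word[:24] != "0" * 24:
        return None
    return {
        "function": ALLOWANCE_SELECTORS[data[:8]],
        "spender": "0x" + spender_word[24:],
        "amount": amount,
        "unlimited": amount == UNLIMITED,
    }


def review(calldata_hex, trusted_spenders):
    """Classify a pending transaction as 'ok', 'warn' or 'block'."""
    call = decode_allowance_call(calldata_hex)
    if call is None:
        return "ok"  # not an allowance grant; other checks apply elsewhere
    if call["spender"] in trusted_spenders:
        return "warn"  # known contract, but the user should still see the amount
    return "block"  # spending rights for an address the user never vetted


if __name__ == "__main__":
    # Constructed sample: increaseAllowance of 9,579 tokens (18 decimals assumed)
    # to a placeholder spender address.
    sample = "0x39509351" + "00" * 12 + "ab" * 20 + format(9579 * 10**18, "064x")
    print(decode_allowance_call(sample), review(sample, trusted_spenders=set()))
```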
For individuals who fell victim to this scam, Slowmist advised checking their Blockscan Chat and completing a recovery form available on their website. The firm noted that additional verification would be necessary to confirm the victim’s identity, after which some information about the scammer could be disclosed.
This event has amplified existing concerns about the adequacy of security measures among liquid staking providers. Prior to this incident, several Ethereum liquid staking providers, including Rocket Pool and StakeWise, had initiated self-limit rules, vowing not to control more than 22% of the Ethereum staking market.
The Apple security update and the phishing attack serve as poignant reminders that cybersecurity threats are a universal concern. They are not limited to individual users but extend to large-scale investors in the cryptocurrency arena. Despite technological advancements in security protocols, the crypto industry remains an attractive target for sophisticated phishing attacks and other forms of cybercrime.