Remember when “just approving a transaction” seemed harmless? This March, a blockchain security wake-up call proved otherwise.
Back in September 2023, a crypto whale lost $24 million through a phishing attack targeting Rocket Pool’s staking service. The attack was textbook smooth: hackers tricked the victim into signing an “Increase Allowance” transaction—basically handing over the keys to their token vault. The damage? 9,579 stETH + 4,851 rETH gone in two phases.
Fast-forward to March 21: CertiK spotted the hacker moving 3,700 ETH (~$10M) to Tornado Cash, a mixing service designed to obfuscate fund trails. By then, PeckShield’s analysis showed the stolen assets had been consolidated into 13,785 ETH + 1.64M DAI, with portions already funneled through FixedFloat and scattered across multiple wallets.
Why This Matters (And Why You Should Care)
This wasn’t some exotic smart contract exploit—it was token approval abuse, one of crypto’s most overlooked vulnerabilities. The Scam Sniffer report paints a grim picture: $47 million lost to phishing in February alone, with 78% hitting Ethereum and ERC-20 tokens accounting for 86% of all thefts.
The scariest part? It’s not just big players getting burned. On March 20, Dolomite users discovered an old contract they’d previously approved was being weaponized to drain wallets. The exchange had to issue an emergency revocation notice.
What Went Wrong (And What Could Go Right)
Token approvals are a necessary evil in DeFi: they let protocols execute transactions on your behalf. But here’s the trap: once you approve, you’re trusting that contract indefinitely, until you manually revoke it. Hackers exploit this by:
1. Getting you to approve a malicious contract via phishing
2. Draining your wallet systematically over time
3. Mixing funds through services like Tornado Cash to cover tracks
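Because an approval stays live until it is revoked, the practical defensive check is to list which spenders still hold a non-zero allowance. The Python example below is added here and is not from the original article: it replays ERC-20 Approval events in the shape `eth_getLogs` returns them. The addresses and log records are constructed, and the 2**255 "unlimited" threshold is an assumption.

```python
# Added example (not from the original page): audit live ERC-20 approvals.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: anything this large is effectively unlimited

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()  # indexed address = low 20 of 32 bytes

def outstanding_approvals(logs, owner):
    """Return {(token, spender): allowance} for approvals that are still non-zero.
    The latest Approval per pair wins. transferFrom spending may not emit one,
    so treat the value as an upper bound and confirm with allowance(owner, spender).
    """
    latest = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if topic_to_address(topics[1]) != owner.lower():
            continue  # approval granted by a different account
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # a later approve(spender, 0) revokes
    return {k: v for k, v in latest.items() if v > 0}

def findings(logs, owner):
    """Rows of (token, spender, allowance, is_unlimited), largest allowance first."""
    live = outstanding_approvals(logs, owner)
    rows = [(t, s, v, v >= UNLIMITED_FLOOR) for (t, s), v in live.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

def make_log(token, owner, spender, value, block, index):
    """Build one constructed log in JSON-RPC shape (not real chain data)."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

# Constructed placeholder addresses and events, for illustration only.
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "cc" * 20
TOKEN_1, TOKEN_2 = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_A, SPENDER_B, SPENDER_C = ("0x" + x * 20 for x in ("b1", "b2", "b3"))
SAMPLE_LOGS = [
    make_log(TOKEN_1, OWNER, SPENDER_B, 0, 130, 0),           # B revoked later
    make_log(TOKEN_1, OWNER, SPENDER_A, 2**256 - 1, 100, 4),  # unlimited, never revoked
    make_log(TOKEN_1, OWNER, SPENDER_B, 500, 120, 1),
    make_log(TOKEN_2, OWNER, SPENDER_C, 1000, 140, 2),
    make_log(TOKEN_2, OTHER, SPENDER_C, 7, 141, 0),           # someone else's approval
]
```

Every row `findings(SAMPLE_LOGS, OWNER)` returns is a spender that can still move tokens; rows flagged unlimited are the ones to revoke first.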
Not all stories end in losses though. Layerswap showed quick incident response can minimize damage—they stopped a $100K heist from becoming $10M when their site got compromised, then compensated users out of pocket.
The Reality Check
The crypto security space is in an arms race. Every phishing attack surfaces new vulnerabilities, and every exploit teaches hackers new tricks. The difference between a $100K loss and a $24M disaster often comes down to one thing: whether you revoked your old token approvals.
This March’s incidents aren’t outliers—they’re warnings. As DeFi becomes more sophisticated, so do the attacks.
$24M Phishing Heist: How Hackers Turned Token Approvals into a Draining Machine