defirisk.co
rubric v1.7.0

New ERC-20 approval to unverified contract from whale

Rocket Pool's assessment for RD-F-096 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

The September 2023 phishing event ($24M stolen from a crypto whale) involved the victim signing an Increase Allowance approval to an attacker-controlled contract for rETH/stETH. This was a user-level phishing event, not a protocol-level unverified approval triggered by the protocol's on-chain interactions. No protocol-level unverified-contract approval event is documented. A whale list and monitoring are not configured at the protocol level.

Sources

Methodology

Detect whether a top-TVL depositor grants a new token approval to an unverified contract that interacts with this protocol.


rubric_version: v1.7.0
protocol: rocket-pool
factor: RD-F-096
score: gray
collected_at: 2026-05-04 15:40:28