Multiple incidents of stETH being stolen and cross-chained to the Blast mainnet were discovered. The victim’s mnemonic words/private keys may have be

SlowMist founder, Yu Xian, posted on X platform stating that SlowMist and MistTrack have received at least four cases of stETH being stolen and cross-chain transferred to the Blast mainnet. The common feature is that a small amount of ETH transaction fee is sent from an address with obvious traces (including exchanges) to the stolen address, and then stETH is cross-chain transferred to the Blast mainnet for subsequent transfer, and finally the remaining small amount of ETH in the victim's address is transferred to different ETH addresses. The known loss exceeds 100 stETH, and it is likely a group event. The mnemonic phrase/private key of these victims must have been leaked, and the attackers lurked to start on the Blast mainnet. Previously, Scam Sniffer monitoring showed that a certain address lost over 10 BTC pledged on Aave and some PANDORA due to interaction (clicking on the signature authorization) with a fake Blast airdrop website, with a total loss of approximately $717,817.