In a massive security breach, a crypto whale has reportedly lost $55.47 million worth of DAI due to a sophisticated phishing attack. The incident, detailed The case, conducted by blockchain analytics firm Lookonchain and cybersecurity firm Certik, involves the unauthorized transfer of ownership of a Maker vault containing large amounts of DAI to a malicious entity.
Here’s How the Massive Cryptocurrency Hack Happened
The chain of events began with an unsuspecting victim signing a seemingly harmless transaction that was actually a trap that led to their assets being compromised. The critical transaction, identified on August 20, 2024 at 5:40:47 PM UTC, redirected DSProxy property #166,776 to the infamous phishing address “0x0000db5c8B030ae20308ac975898E09741e70000.”
After the ownership change, the attacker used another address, “0x5D4b2a02c59197eb2cae95a6df9fe27af60459d4,” to illegally mint and withdraw 55,473,618 DAI from the compromised vault. Blockchain records from Etherscan reveal the attacker’s subsequent actions, as he converted nearly half of the stolen DAI into 10,625 Ethereum (ETH).
CertiK, a leading security-focused rating platform for analyzing and monitoring blockchain protocols and DeFi projects, It has been identified. The phishing technique used is part of a broader category known as Inferno Drainer. Inferno Drainer is a particularly malicious type of smart contract exploit that manipulates transaction permissions to redirect assets to addresses controlled by the attacker.
The exploit is often embedded in malicious smart contracts that appear benign or mimic legitimate contract interactions, thus tricking the user into executing transactions that give the attackers access or control over their digital assets.
Certec stressed the seriousness of this vulnerability, noting that the theft was facilitated by the attacker taking control of the victim’s external account (EOA) through deceptive means, including but not limited to, disguised malicious links or compromised interfaces.
In the wake of the incident, Lookonchain spoke out about how to protect crypto assets. Via X, it warned: “When signing a transaction, always double-check before clicking ‘Confirm’ and do not sign unknown transactions!”
This latest incident adds to an already turbulent year for crypto security. According to CertiK, total losses in July alone amounted to nearly $270.9 million due to various exploits, hacks, and scams, although around $7.8 million was returned to victims. This represents the second-highest monthly loss of 2024.
Breaking down the losses, CertiK reported that exit scams accounted for nearly $3 million of the total. Flash loans, which are often used in complex arbitrage strategies but can also be exploited to temporarily manipulate market prices, accounted for a staggering $265.8 million. Other exploits contributed about $9.8 million of the total.
At the time of publication, the total market cap of cryptocurrencies stood at $2.053 trillion.
Featured image created using DALL.E, chart from TradingView.com
Comments are closed, but trackbacks and pingbacks are open.