Devastating Phishing Attack Leaves Crypto Whale $55.4M Poorer

By Samson Ononeme

Aug 21, 2024
A cryptocurrency whale has fallen prey to a sophisticated phishing attack, resulting in the loss of approximately $55.4 million worth of Dai stablecoin. The attack utilized the Inferno Drainer tool to gain control of the victim's Maker vault.

Key Insights

  • A cryptocurrency whale lost approximately $55.4 million worth of Dai stablecoin in a phishing attack, according to on-chain sleuth ZachXBT.
  • The attack was carried out using the Inferno Drainer, a malicious tool that lures victims through fake websites or emails representing legitimate exchanges or DeFi protocols, stealing their private information.

LONDON (Reuters) – In a devastating security breach, a cryptocurrency whale has fallen victim to a phishing attack, resulting in the loss of approximately $55.4 million worth of Dai stablecoin, according to on-chain sleuth ZachXBT.

The attack was carried out using a malicious tool known as the Inferno Drainer, which security firm CertiK says is capable of luring victims through fake websites or emails representing legitimate exchanges or DeFi protocols, ultimately stealing their private information.

CertiK’s investigation revealed that the attacker utilized a vulnerability to gain access to the victim’s externally owned account (EOA), which controlled a Maker vault. Maker Vaults are collateralized debt positions that allow users to borrow the U.S. dollar-pegged Dai stablecoin by depositing collateral.

By taking control of the victim’s decentralized service proxy (DSProxy) – a smart contract that enables multiple contract calls in a single transaction – the attacker was able to set the protocol’s owner address to their own wallet address. This allowed them to mint 55,473,618 Dai stablecoins directly into the compromised vault.

Security firm Blocksec further confirmed the details of the attack, explaining that the attacker lured the victim into signing a transaction to change the vault owner, and then executed a transaction to drain the vault. On-chain data suggests the attacker may have used an address labeled “Fake_Phishing187019” on Etherscan to facilitate the transfer of ownership during the phishing transaction.
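A wallet-side check for the kind of transaction described above, added here as an illustration and not taken from the article or the firms it cites. It assumes the ownership change arrives as a direct `setOwner(address)` call (the DSAuth function that DSProxy inherits); the allowlist, function name and sample addresses are constructed for the example.

```python
# Added example: flag ownership-transfer calls before a transaction is signed.
# Selectors are the first 4 bytes of keccak256(function signature).
OWNERSHIP_SELECTORS = {
    "13af4035": "setOwner(address)",           # DSAuth, inherited by DSProxy
    "f2fde38b": "transferOwnership(address)",  # OpenZeppelin-style Ownable
}

def review_calldata(calldata_hex, trusted_owners):
    """Return (verdict, detail) for raw transaction calldata.

    verdict: 'block', 'allow', 'malformed' or 'not_applicable'.
    trusted_owners: addresses the user controls (hypothetical allowlist).
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return ("malformed", "calldata is not valid hex")
    if len(raw) < 4:
        return ("not_applicable", "no 4-byte function selector")
    name = OWNERSHIP_SELECTORS.get(raw[:4].hex())
    if name is None:
        return ("not_applicable", "not an ownership-transfer call")
    arg = raw[4:36]
    # One ABI word: 12 zero bytes of padding, then the 20-byte address.
    if len(arg) != 32 or any(arg[:12]):
        return ("malformed", name + " with a badly encoded address")
    new_owner = "0x" + arg[12:].hex()
    if new_owner in {a.lower() for a in trusted_owners}:
        return ("allow", name + " to trusted address " + new_owner)
    return ("block", name + " hands control to unknown address " + new_owner)

# Constructed sample data (not real addresses or transactions).
MY_WALLET = "0x" + "11" * 20
UNKNOWN = "0x" + "22" * 20
PHISHING_TX = "0x13af4035" + "00" * 12 + "22" * 20   # setOwner(UNKNOWN)
ROTATE_TX = "0x13af4035" + "00" * 12 + "11" * 20     # setOwner(MY_WALLET)

if __name__ == "__main__":
    for tx in (PHISHING_TX, ROTATE_TX, "0xa9059cbb"):
        print(review_calldata(tx, [MY_WALLET]))
```

A check like this only covers direct ownership calls; a change routed through another contract call would need that call's arguments decoded as well.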

This latest incident is a stark reminder of the ongoing security challenges facing the decentralized finance (DeFi) ecosystem. In recent months, the crypto industry has seen over $1.19 billion in losses due to hacks and scams, according to Immunefi’s July report.
