A crypto whale reportedly lost $55.47 million in DAI to a sophisticated phishing attack following a massive security breach. The incident, detailed by blockchain analytics firm Lookonchain and cybersecurity firm Certik, involved the unauthorized transfer of ownership of a Maker vault containing large DAI holdings to a malicious entity.
Here’s How The Mega Cryptocurrency Hack Happened
The sequence of events began with an unsuspecting victim signing a seemingly innocuous transaction that was actually a trap leading to the compromise of their assets. The critical transaction, identified on August 20, 2024 at 17:40:47 UTC, redirected ownership of DSProxy #166,776 to a notorious phishing address “0x0000db5c8B030ae20308ac975898E09741e70000”.
After the ownership change, the attacker used another address, “0x5D4b2a02c59197eb2cae95a6df9fe27af60459d4,” to illegally create and withdraw 55,473,618 DAI tokens from the compromised vault. Blockchain records according to Etherscan reveal the attacker’s subsequent actions, where he converted about half of the stolen DAI into 10,625 Ethereum (ETH).
CertiK, a security-focused ranking platform and leader in analyzing and monitoring blockchain protocols and DeFi projects, identified the phishing technique used as part of a broader category known as Inferno Drainer. Inferno Drainer is a particularly virulent type of smart contract exploit that manipulates transaction permissions to redirect assets to addresses controlled by the attacker.
The exploit is often embedded in malicious smart contracts that appear benign or mimic legitimate contractual interactions, thereby tricking the user into executing transactions that grant the attackers access to or control over their digital assets.
Certik highlighted the critical nature of this exploit, stating that the theft was facilitated by the attacker taking control of the victim’s external account (EOA) through deceptive means, including but not limited to disguised malicious links or compromised interfaces.
Following this incident, Lookonchain has been vocal about how to protect crypto assets. Via X, they warned: “When signing a transaction, always double-check before clicking ‘confirm’ and do not sign unknown transactions!”
This recent incident adds to an already tumultuous year in crypto security. According to CertiK, total losses for July alone amounted to approximately $270.9 million due to various exploits, hacks, and scams, despite approximately $7.8 million being returned to victims. This figure represents the second-highest monthly loss for the year 2024.
Exit scams accounted for about $3 million of the total losses, according to CertiK. Flash loans, which are often used in sophisticated arbitrage strategies but can also be exploited to temporarily manipulate market prices, accounted for a staggering $265.8 million. Other exploits contributed about $9.8 million to the total.
At the time of going to press, the total market capitalization of the cryptocurrency market stood at $2.053 trillion.
Featured image created with DALL.E, chart from TradingView.com
