A cryptocurrency whale has lost a staggering $55.4 million worth of Dai stablecoin to a sophisticated phishing attack. The incident, which unfolded on Tuesday, has sent shockwaves through the crypto community, highlighting the persistent dangers of online scams even among the most seasoned investors.
The first to raise the alarm was on-chain investigator ZachXBT, who uncovered the details of the attack. The attacker, exploiting a vulnerability in the whale’s externally owned account (EOA), managed to drain a Maker Vault—a key element in decentralized finance (DeFi) that allows users to borrow Dai stablecoins by depositing collateral.
How the Attack Unfolded
According to CertiK, a leading blockchain security firm, the attacker used a phishing tool known as Inferno Drainer to carry out the heist. Inferno Drainer is notorious for creating fake websites and sending fraudulent emails that mimic legitimate cryptocurrency exchanges or DeFi platforms. By tricking the victim into believing they were interacting with a trusted source, the attacker was able to gain access to sensitive private information.
Once the attacker had control of the whale’s EOA, they swiftly transferred ownership of the user’s DSProxy—a smart contract that facilitates multiple contract calls in one transaction—to a new address under their control. This transfer of ownership was critical as it allowed the attacker to manipulate the Maker Vault.
With the DSProxy under their control, the attacker changed the owner address of the Maker Vault to their wallet and minted a massive 55,473,618 Dai stablecoins. These funds were then transferred out of the vault, effectively leaving the victim’s account empty.
The Fallout
Security firm Blocksec further analyzed the attack, confirming the sequence of events. They noted that the victim was lured into signing a transaction that unknowingly changed the ownership of the DSProxy. After gaining full control, the attacker executed another transaction to drain the vault completely.
Blocksec analyst Jingyi Guo explained that the victim likely signed the phishing transaction without realizing the consequences, as the victim’s attempts to regain control of the DSProxy were unsuccessful. Guo pointed out that the attack was less likely due to a compromised private key, but rather the result of the victim being tricked into signing a malicious transaction.
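The kind of check a wallet or signing policy can run before approving a transaction like the one described above, as an added example that is not code from Blocksec, CertiK or Maker. The function name setOwner(address) and its selector come from the DSAuth interface that DSProxy inherits, not from this article; the allowlists, helper names and addresses are hypothetical and constructed for illustration.

```python
"""Pre-signing check: flag calls that hand a contract's ownership to an unknown address."""

# 4-byte selectors (first 4 bytes of keccak256 of the signature), hardcoded
# because the Python standard library has no keccak256.
OWNER_CHANGING = {
    "13af4035": "setOwner(address)",           # DSAuth, inherited by DSProxy
    "f2fde38b": "transferOwnership(address)",  # Ownable-style contracts
}

def strip0x(h: str) -> str:
    h = h.lower()
    return h[2:] if h.startswith("0x") else h

def review_tx(to: str, data: str, own_contracts: set, own_addresses: set):
    """Return (verdict, reason) for an unsigned transaction.

    verdict is "ok", "warn" or "block". own_contracts and own_addresses are
    lowercase 0x-prefixed allowlists kept by the user (an assumption here).
    """
    raw = strip0x(data)
    name = OWNER_CHANGING.get(raw[:8])
    if name is None:
        return "ok", "no owner-changing selector"
    arg = raw[8:]
    # One ABI-encoded address: 32 bytes, left-padded with 12 zero bytes.
    if len(arg) != 64 or arg[:24] != "0" * 24:
        return "block", f"{name} with malformed argument"
    new_owner = "0x" + arg[24:]
    target = "0x" + strip0x(to)
    if new_owner in own_addresses:
        return "ok", f"{name} to an address you control"
    if target in own_contracts:
        return "block", f"{name} gives your contract {target} to unknown {new_owner}"
    return "warn", f"{name} on {target} names unknown owner {new_owner}"

# Constructed sample values, not addresses from the incident.
PROXY = "0x" + "aa" * 20      # stands in for the user's DSProxy
MY_WALLET = "0x" + "11" * 20  # an address the user controls
STRANGER = "0x" + "ee" * 20   # address supplied by a phishing page

def calldata(selector: str, addr: str) -> str:
    """Build calldata for a single-address call (test helper)."""
    return "0x" + selector + "0" * 24 + strip0x(addr)

if __name__ == "__main__":
    for new_owner in (STRANGER, MY_WALLET):
        print(review_tx(PROXY, calldata("13af4035", new_owner), {PROXY}, {MY_WALLET}))
```

This inspects only the top-level call; an ownership change wrapped inside another call (for example a batched or proxied execution) needs transaction simulation to surface.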
After successfully stealing the funds, the attacker transferred the stolen Dai to another address labeled 0x5D4b2, which is now handling the withdrawals and likely involved in further money laundering activities. The use of multiple addresses and the complexity of the attack make it difficult to trace the funds, posing a significant challenge to recovery efforts.
The Broader Implications
This attack is a stark reminder of the risks that continue to plague the DeFi space. Just last month, the DEX aggregation and bridging protocol LI.FI suffered a security breach resulting in losses of $10 million. According to a report by Immunefi, the cryptocurrency industry has already seen over $1.19 billion in losses due to hacks and scams this year alone.
The fact that even experienced crypto investors can fall victim to such attacks underscores the importance of heightened security measures and constant vigilance in the rapidly evolving world of digital finance.
This incident highlights the ongoing threats in the crypto space and serves as a critical wake-up call. Investors, whether whales or everyday users, must prioritize security and remain cautious when interacting with online platforms. The sophistication of these attacks means that no one is immune, and the stakes have never been higher.
As the investigation into this massive theft continues, it serves as a chilling warning to all crypto users to stay alert and protect their assets.