On Tuesday, a crypto whale lost about $55.4 million in the Dai stablecoin to a complex phishing attack, according to on-chain investigator ZachXBT. The loss raises concerns over persistent risks in the Decentralized Finance (DeFi) industry, especially scams aimed at users. The attack leveraged a particular weakness that gave the attacker access to the victim’s externally owned account (EOA), which governed a Maker vault containing valuable assets.
Phishing Attack Exploits Maker Vault Vulnerability
The attack started with the attacker gaining unauthorized access to the crypto whale’s externally owned account (EOA), a problem of growing concern in the crypto ecosystem. The well-known blockchain security firm CertiK identified Inferno Drainer as the phishing tool the attacker likely used. This tool is notorious for creating fake websites or phishing emails that trick people with what appear to be real conversations or DeFi transactions. When the victim visited the site the hacker designed, the site stole the victim’s private details.
The attacker used this information to gain control of a Maker vault, a contract through which the victim held a collateralized debt position and borrowed DAI against the deposited collateral. “The malicious actor was able to take control of the Maker vault through a weakness in the EOA,” said CertiK. Specifically, ownership of the decentralized service proxy (DSProxy) associated with the vault was transferred to the attacker’s address. A DSProxy is required to call multiple contracts, which makes control of it a popular target for hackers.
Attacker Gains Control and Transfers Ownership
After gaining control of the DSProxy, the attacker changed the Maker vault’s owner address to their own wallet. This change in ownership was crucial, as it enabled the attacker to directly transfer an astounding 55,473,618 Dai stablecoins into their wallet. The degree of loss highlighted the severity of the violation and the complexity of the phishing scheme. Another blockchain security firm, Blocksec, shed more light on the attack, indicating that the attacker deceived the victim into signing a transaction that altered the ownership of the vault.
“The attacker tricked the victim into changing the owner of the vault by signing a transaction, and then the attacker signed a transaction to withdraw all the money from the vault,” Blocksec said. According to on-chain information, the victim essentially transferred ownership of the DSProxy to the address later labeled Fake_Phishing187019 during the phishing transaction. After this, control of the vault was transferred to another address, 0x5D4b2, which was used for further withdrawals and potential money laundering activities.
“The victim tried to invoke DSProxy. However, since they were no longer the owner address of DSProxy, the invocation failed. Given this, the likelihood of the victim signing a phishing transaction is higher than the possibility of their private key being compromised,” commented Blocksec analyst Jingyi Guo.
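As an added example (not code from CertiK, Blocksec or the original article), a wallet-side check like the following would flag the kind of ownership-changing transaction described above before it is signed. It assumes the call is DSAuth's setOwner(address), which DSProxy inherits; the article does not name the function, and every address below is constructed.

```javascript
// Selectors are the first 4 bytes of keccak256(function signature).
const OWNER_CHANGE_SELECTORS = {
  "0x13af4035": "setOwner(address)",          // DSAuth, inherited by DSProxy
  "0xf2fde38b": "transferOwnership(address)", // common Ownable pattern
};

// Constructed sample data; none of these addresses come from the incident.
const VICTIM_COLD_WALLET = "0x" + "11".repeat(20);
const SAMPLE_TX = {
  to: "0x" + "22".repeat(20), // stands in for the victim's DSProxy
  data: "0x13af4035" + "0".repeat(24) + "ab".repeat(20),
};

// Inspect an unsigned transaction and decide whether the wallet should
// allow it, warn, or refuse to present it for signing.
function inspectTransaction(tx, trustedAddresses) {
  const data = (tx.data || "0x").toLowerCase();
  if (!/^0x([0-9a-f]{2})*$/.test(data)) {
    return { verdict: "block", reason: "calldata is not valid hex" };
  }
  const name = OWNER_CHANGE_SELECTORS[data.slice(0, 10)];
  if (!name) {
    return { verdict: "allow", reason: "no ownership-changing selector" };
  }
  // One static address argument: "0x" + 4-byte selector + 32-byte word.
  const word = data.slice(10);
  if (data.length !== 74 || !word.startsWith("0".repeat(24))) {
    return { verdict: "block", reason: `${name} with malformed arguments` };
  }
  const newOwner = "0x" + word.slice(24);
  const trusted = trustedAddresses.map((a) => a.toLowerCase());
  if (trusted.includes(newOwner)) {
    return { verdict: "warn", newOwner,
             reason: `${name} moves ${tx.to} to an allowlisted address` };
  }
  return { verdict: "block", newOwner,
           reason: `${name} hands ${tx.to} to an address outside the allowlist` };
}
```

The check reads only the top-level calldata, so an owner change nested inside another call is outside what it decodes.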
DeFi Protocols Under Continuous Threat
This massive loss raises even more concerns within the DeFi ecosystem, especially since many protocols and users are continuously being attacked by fraudsters. Although DeFi protocols are relatively new and progressive, they have become a primary focus of hackers because of the openness of their systems and the large amounts of funds stored in them. Such attacks are frequent and often large in scale. In July, a lesser-known DeFi protocol, (link unavailable) (a company associated with the author), suffered a security breach that led to $10 million being stolen.
Such incidents help explain the staggering $1.19 billion in losses the crypto industry has sustained through hacks and scams, according to a report by Immunefi, a bug bounty and security services firm. One thing that defines these attacks is the use of seemingly small loopholes to steal huge sums of money from organizations and individuals. For all its opportunities, the DeFi field carries notable risks that all stakeholders need to address around the clock.
The case of a crypto whale losing $55.4 million in Dai stablecoin through a phishing attack is a painful lesson on the importance of security measures and a constant reminder of the dangers associated with the crypto world.
Conclusion
A crypto whale’s loss of $55.4 million in Dai stablecoin to a phishing attack is another problem for the DeFi space. Because the attack leveraged a particular weakness in the victim’s externally owned account, the case typifies the risks that phishing attacks pose to crypto investors. As these attacks grow more complex, there is a need to improve security awareness and the measures used to safeguard crucial electronic resources. This appears to be the most pressing concern in the DeFi ecosystem: as more developments occur, the need for strong defense mechanisms to prevent similar future losses cannot be overstated.