A prominent crypto whale has fallen prey to a sophisticated phishing attack, resulting in the loss of roughly $55.4 million in Dai stablecoins.
The incident was initially flagged by on-chain investigator ZachXBT and later corroborated by the security firm CertiK.
#CertiKInsight 🚨
— CertiK Alert (@CertiKAlert) August 21, 2024
Inferno Drainer (Fake_Phishing187019) set the owner address of a Maker vault to 0x5d4b2a02c59197eb2cae95a6df9fe27af60459d4 and minted 55,473,618 Dai tokens (~$55M) to it.
Stay Vigilant! pic.twitter.com/q4Q91CP1lR
The phishing attack was reportedly executed using a tool known as Inferno Drainer, which deceives victims into divulging sensitive information through fake websites or emails mimicking legitimate cryptocurrency exchanges or decentralized finance (DeFi) platforms.
Once the attacker gained access to the whale’s externally owned account (EOA), they exploited a vulnerability that enabled them to seize control of a Maker Vault.
Attacker Takes Over Whale’s EOA
Maker Vaults are collateralized debt positions allowing users to borrow Dai stablecoins by depositing collateral.
After gaining control of the whale’s EOA, the attacker transferred ownership of the victim’s DSProxy—a smart contract allowing multiple contract calls in a single transaction—to a new address they controlled.
This maneuver enabled the attacker to alter the vault’s owner address to their own, allowing them to mint 55,473,618 Dai stablecoins directly into their wallet.
Further analysis by the security firm Blocksec confirmed that the attacker tricked the victim into signing a transaction that transferred the vault’s ownership.
On-chain data showed that the Maker Vault’s DSProxy ownership was transferred to an address labeled Fake_Phishing187019 on Etherscan during the phishing process.
This address later passed ownership to another address, 0x5D4b2, now involved in withdrawing the stolen funds and possibly laundering them.
Blocksec analyst Jingyi Guo suggested that the victim was likely duped into signing a phishing transaction, as their attempts to invoke the DSProxy failed after ownership had been transferred.
Crypto Crime Sees Shifts in 2024
According to a recent Chainalysis report, overall illicit cryptocurrency transactions declined in 2024, despite a surge in specific types of criminal activities within the sector.
Released on August 15 as part of the mid-year crypto crime update, the report highlighted the increasing prevalence of hacking and ransomware attacks.
Two categories, in particular—stolen funds through hacking and ransomware attacks—have seen significant growth.
By the end of July, the total value of stolen cryptocurrencies reached $1.58 billion, marking an 84% increase compared to the same period in 2023.
While the number of hacking incidents rose slightly (2.8% year-over-year), the average amount stolen per hack increased dramatically.
In July alone, hackers made off with approximately $266 million through 16 separate breaches, dealing severe financial blows to the crypto sector.
The most significant attack occurred on July 18, targeting the Indian crypto exchange WazirX. This attack alone accounted for over $230 million, or 86.4%, of the month’s total losses.
A phishing transaction profited more than 54M Dai! The attacker lures the victim into signing a TX to change the vault owner and then executes a TX to drain the vault!
— BlockSec (@BlockSecTeam) August 21, 2024
Be cautious when signing a transaction.https://t.co/H6FVW58j8K pic.twitter.com/Nt1rjQHWkV
Other notable victims of July’s crypto hacks included algorithmic protocol Compound Finance ($24 million lost), bridging protocol Li.Fi ($10 million), decentralized AI protocol Bittensor ($8 million), and liquidity provider Rho Markets ($8 million).
In contrast, June saw lower losses, totaling $176 million across about 20 incidents. This sharp rise in the value of stolen assets within a single month underscores the escalating threat of cybercrime in the cryptocurrency space.