A crypto whale has become the victim of a phishing attack, losing a substantial 55.47 million DAI tokens ($55M). According to on-chain data, the funds were stored in the vault of Maker, a decentralized finance (DeFi) protocol built on Ethereum.
Phishing Attack and Loss of Funds
Cryptocurrency wallet owners must exercise extreme caution when signing transactions. In this case, a crypto whale negligently signed a fraudulent transaction, allowing the attacker to access the funds. When the whale attempted to withdraw the funds, the transaction failed due to a change in ownership through the hack.
Movement of Stolen Funds
The attacker moved the stolen DAI tokens to a new address and later exchanged 27.5 million DAI for approximately 10,625 ETH, currently worth $27.44 million. Most of these funds were then moved to a trading protocol called CoW.
Investigation by CertiK
Security platform CertiK reported that the attacker used Inferno Drainer to access externally owned accounts (EOA). The attacker exploited the EOA to transfer ownership of the DSProxy #166,776 to a new address under their control. A DSProxy is a smart contract that enables users to execute multiple contract calls within a single transaction. The attack took place on Tuesday at 05:40:47 PM UTC.
At the time of writing, DAI was trading at $0.9999, with a market cap of $5.36 billion, according to CMC data.
Comments