Crypto Whale Loses $55.4 Million in Dai Stablecoins to Phishing Attack

A crypto whale has lost approximately $55.4 million worth of Dai stablecoins in a sophisticated phishing attack.

The incident was first reported by on-chain investigator ZachXBT and later confirmed by security firm CertiK.

The attack appears to have been executed using a phishing tool known as Inferno Drainer, which entices victims into providing sensitive information through fake websites or emails that mimic legitimate cryptocurrency exchanges or decentralized finance (DeFi) protocols.

Once the attacker obtained access to the whale’s externally owned account (EOA), they were able to exploit a vulnerability that allowed them to take control of a Maker Vault.

#CertiKInsight 🚨

Inferno Drainer (Fake_Phishing187019) set the owner address of a Maker vault to 0x5d4b2a02c59197eb2cae95a6df9fe27af60459d4 and minted 55,473,618 Dai tokens (~$55M) to it.

Stay Vigilant! pic.twitter.com/q4Q91CP1lR

— CertiK Alert (@CertiKAlert) August 21, 2024

Attacker Gets Control of Crypto Whale’s EOA

Maker Vaults are collateralized debt positions where users can borrow Dai stablecoins by depositing collateral.

The attacker, having gained control of the whale’s EOA, transferred the ownership of the victim’s DSProxy—a smart contract that enables multiple contract calls in a single transaction—to a new address they controlled.

This allowed the attacker to change the vault’s owner address to their own and mint 55,473,618 Dai stablecoins directly into their wallet.

Security firm Blocksec provided additional details, confirming that the attacker tricked the victim into signing a transaction that changed the vault’s ownership.

On-chain data indicated that the Maker Vault’s DSProxy ownership was transferred to an address labeled as Fake_Phishing187019 on Etherscan during the phishing process.

The address later transferred ownership to another address, 0x5D4b2, which is now involved in withdrawing the stolen funds and possibly laundering them.

Blocksec analyst Jingyi Guo suggested that the victim likely signed a phishing transaction, as their attempts to invoke the DSProxy failed after ownership was transferred.

A phishing transaction profited more than 54M Dai! The attacker lures the victim into signing a TX to change the vault owner and then executes a TX to drain the vault!

Be cautious when signing a transaction.https://t.co/H6FVW58j8K pic.twitter.com/Nt1rjQHWkV

— BlockSec (@BlockSecTeam) August 21, 2024

Illicit Crypto Transactions Drop in 2024

A recent Chainalysis report revealed a decline in overall illicit cryptocurrency transactions in 2024, even as specific types of criminal activities within the sector surged.

Released on August 15 as part of the mid-year crypto crime update, the report found that hacking and ransomware attacks were becoming increasingly prevalent.

Two categories, in particular – stolen funds through hacking and ransomware attacks – have seen an uptick.

By the end of July, the cumulative value of stolen cryptocurrencies had reached $1.58 billion – an 84% increase compared to the same period in 2023.

While the number of hacking incidents only increased slightly (2.8% year-over-year), the average value stolen per hack surged dramatically.

In July alone, hackers stole approximately $266 million through 16 separate breaches, dealing the crypto sector substantial losses.

The July 18 attack on Indian crypto exchange WazirX stands out. This attack alone accounted for over $230 million, or 86.4%, of the month’s total losses.

Other significant victims of July’s crypto hacks included algorithmic protocol Compound Finance ($24 million lost), bridging protocol Li.Fi ($10 million), decentralized AI protocol Bittensor ($8 million), and liquidity provider Rho Markets ($8 million).

June, in contrast, saw a lower loss of $176 million spread across approximately 20 incidents. This difference highlights the sharp increase in the value of stolen assets in just one month.