Crypto whale loses $55 million in Dai stablecoin to phishing attack

theblock.co 21/08/2024 - 08:44 AM

Crypto Whale Loses $55.4 Million to Phishing Attack

On Tuesday, a crypto whale lost about $55.4 million worth of Dai stablecoin to a phishing attack, as first noted by on-chain sleuth ZachXBT.

Security firm CertiK stated that the attacker likely accessed the EOA (externally owned account) using Inferno Drainer. This phishing tool entraps victims through fake websites or emails that mimic legitimate exchanges or DeFi protocols, ultimately stealing users’ private information.

According to CertiK, a malicious actor exploited a vulnerability to gain access to the user’s EOA controlling a Maker vault. Maker Vaults are collateralized debt positions that allow users to borrow the U.S. dollar-pegged Dai stablecoin by depositing collateral.

CertiK explained that the attacker used the EOA to transfer ownership of the user’s DSProxy (decentralized service proxy) to a new address they controlled. A DSProxy is a smart contract allowing users to perform multiple contract calls in a single transaction.

Having taken control of the Maker vault, the attacker changed the protocol’s owner address to their wallet and minted 55,473,618 Dai stablecoins.

The Attacker Controlled the Victim’s Account

Security firm Blocksec confirmed this information to The Block, adding that the attacker tricked the victim into signing a transaction to change the vault owner and then executed a transaction to drain the vault. On-chain data suggested that the Maker Vault owner likely assigned ownership of the DSProxy to an address labeled Fake_Phishing187019 on Etherscan during the phishing incident.

Subsequently, Fake_Phishing187019 transferred ownership to the address 0x5D4b2, which is now involved in further withdrawals and potential money laundering activities, including withdrawing the victim’s Dai.

Blocksec analyst Jingyi Guo mentioned that the victim attempted to invoke the DSProxy. However, since they were no longer the owner of the DSProxy, the attempt failed. Guo indicated that the likelihood of the victim unintentionally signing a phishing transaction was higher than the chance of their private key being compromised.
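A pre-signing check for the kind of owner-change transaction described above, as an added example that is not code from the article, CertiK or Blocksec. It assumes the DSProxy owner is changed through a DSAuth-style `setOwner(address)` call (the article does not name the function) and also covers the common `transferOwnership(address)`; all addresses are constructed.

```python
# Added example: inspect calldata before signing and flag ownership transfers.
# A selector is the first 4 bytes of keccak256(function signature).
OWNERSHIP_SELECTORS = {
    "13af4035": "setOwner(address)",           # DSAuth-style auth (assumed for DSProxy)
    "f2fde38b": "transferOwnership(address)",  # Ownable-style contracts
}

def decode_owner_change(calldata_hex):
    """Return (signature, new_owner) for an ownership-transfer call, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    raw = bytes.fromhex(data)  # raises ValueError on malformed hex
    sig = OWNERSHIP_SELECTORS.get(raw[:4].hex())
    if sig is None:
        return None
    arg = raw[4:]
    # One ABI-encoded address: a 32-byte word, 12 zero bytes then 20 address bytes.
    if len(arg) != 32 or arg[:12] != bytes(12):
        raise ValueError("malformed address argument for " + sig)
    return sig, "0x" + arg[12:].hex()

def review_transaction(tx, my_contracts, my_addresses):
    """Return ("BLOCK", reason) or ("ALLOW", reason) for an unsigned transaction."""
    change = decode_owner_change(tx["data"])
    if change is None:
        return "ALLOW", "no ownership-transfer selector"
    sig, new_owner = change
    if tx["to"].lower() in my_contracts and new_owner not in my_addresses:
        return "BLOCK", f"{sig} hands {tx['to']} to unknown address {new_owner}"
    return "ALLOW", f"{sig} to a known address or on a contract that is not yours"

# Constructed sample values (not addresses from the incident).
MY_WALLET = "0x" + "aa" * 20
MY_PROXY = "0x" + "11" * 20
UNKNOWN = "0x" + "bb" * 20
PHISHING_TX = {"to": MY_PROXY, "data": "0x13af4035" + "00" * 12 + "bb" * 20}
ROTATE_TX = {"to": MY_PROXY, "data": "0x13af4035" + "00" * 12 + "aa" * 20}

if __name__ == "__main__":
    for tx in (PHISHING_TX, ROTATE_TX):
        print(review_transaction(tx, {MY_PROXY}, {MY_WALLET}))
```

The check only covers direct calls to the two listed functions; an ownership change wrapped inside another contract call needs transaction simulation to detect.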

DeFi protocols remain hotspots for cryptocurrency hacks, as seen last month when LI.FI, a DEX aggregation and bridging protocol, suffered a security breach resulting in losses of $10 million. According to Immunefi’s July report, the crypto industry faced over $1.19 billion in losses this year due to hacks and scams.



