A Maker Vault user lost 55 million Dai stablecoins to a phishing attack.
Immunefi reported that over $1.19 billion had been lost due to hacks and scams in one year leading up to July.
On Tuesday, a crypto whale lost about $55.4 million worth of Dai stablecoin to a phishing attack, on-chain sleuth ZachXBT first noted.
Security firm CertiK noted that the attacker likely accessed EOA using Inferno Drainer. This phishing tool lures victims using fake websites or emails representing legitimate exchanges or DeFi protocols and then steals the user’s private information.
#CertiKInsight
Inferno Drainer (Fake_Phishing187019) set the owner address of a Maker vault to 0x5d4b2a02c59197eb2cae95a6df9fe27af60459d4 and minted 55,473,618 Dai tokens (~$55M) to it.
Stay Vigilant! pic.twitter.com/q4Q91CP1lR
— CertiK Alert (@CertiKAlert) August 21, 2024
It explained that a malicious actor utilized a vulnerability to access the user’s externally owned account (EOA) that controlled a Maker vault.
Maker Vaults are collateralized debt positions that allow users to borrow the U.S. dollar-pegged Dai stablecoin by depositing collateral.
Certik added that the attacker used the EOA to transfer the ownership of the user’s DSProxy (decentralized service proxy) #166,776 to a new address controlled by the attacker. A DSProxy is a smart contract that enables users to execute multiple contract calls in one transaction.
Having gained control of the Maker vault, the attacker set the protocol’s owner address to their wallet address and minted 55,473,618 Dai stablecoins into it.
DeFi protocols continue to be the center of cryptocurrency hacks, with DEX aggregation and bridging protocol LI.FI’s security breach last month resulted in losses of $10 million.
Immunefi’s July report said the crypto industry saw over $1.19 billion in losses year-to-date due to hacks and scams.