MakerDAO Governance Delegate Loses $11 Million in Phishing Scam

MakerDAO Governance Delegate Loses $11 Million in Phishing Scam

A MakerDAO governance delegate has lost $11 million worth of Aave Ethereum Maker (aEthMKR) and Pendle USDe tokens due to a phishing scam. The incident, detected by Scam Sniffer in the early hours of June 23, occurred after the delegate inadvertently signed multiple fraudulent signatures.

The scam involved the transfer of 3,657 aEthMKR tokens from the sender address “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa” to the recipient address “0x739772254924a57428272f429bd55f30eb36bb96,” with the transaction being confirmed in just 11 seconds. Arkham identified the victim as a MakerDAO governance delegate, a crucial role within the MakerDAO ecosystem. These delegates are responsible for voting on governance proposals, polls, and executive votes, significantly influencing the decisions within the Maker protocol.

Phishing scams involve cybercriminals posing as reputable entities to deceive individuals into providing sensitive information. In this case, the victim was tricked into signing multiple permit network phishing signatures, leading to the substantial loss of tokens.

The MakerDAO protocol relies on MKR tokenholders and delegates to vote on proposals, which progress from initial polls to final executive votes. Once a proposal is approved, it is implemented into the Maker protocol after a waiting period known as the Governance Security Module (GSM), designed to prevent sudden changes to the protocol.