DAI whale loses $55 million in a phishing attack

In a dramatic illustration of the ever-present risks in the cryptocurrency world, a whale recently lost a staggering $55.47 million in DAI stablecoin due to a phishing attack unearthed by Lookonchain in a post on X.

The attack has sparked renewed discussions on the importance of security measures and vigilance in the crypto space.

How did the attack unfold?

The phishing attack began when the whale, holding a massive amount of DAI tokens in Maker, a decentralized finance protocol on Ethereum, inadvertently signed a fraudulent transaction.

According to the information on Etherscan, this transaction altered the ownership of the whale’s 55.47 million DAI, transferring control to a phishing address: 0x0000db5c…41e70000.

The whale’s subsequent attempt to withdraw the funds failed due to the unauthorized change in ownership as evident in Etherscan records.

By this point, the attacker had already set the owner of the DAI tokens to a newly created address: 0x5D4b. This new address enabled the attacker to withdraw the funds, as documented in the transaction here and here.

Funds converted to ETH and moved

Once the attacker gained control over the DAI tokens, they quickly moved to convert a significant portion of them. Approximately $27.5 million in DAI was exchanged for around 10,625 ETH, highlighting the efficiency and speed with which the hacker was able to act.

The converted funds were subsequently routed to CoW, a trading protocol, further complicating the tracking and recovery of the stolen assets.

The growing trend of phishing attacks in crypto

This incident not only represents a significant loss but also highlights the growing prevalence of phishing attacks in the cryptocurrency sector.

Earlier this year, similar attacks have resulted in millions lost by other high-profile figures in the crypto world. According to a recent Chainalysis research, $2.7 billion has been stolen through phishing attacks since May 2021.

In June this year, a MakerDAO delegate lost $11 million in a phishing scam. In May, a Bored Ape Yacht Club trader lost $145,000 to a similar scam.

According to ScamSniffer Mid-Year Phishing Report, 260k victims lost $314M across EVM chains in H1 2024, with 20 people loosing over $1M each, totaling $58M. The figures are quite astonishing seeing that a total of $295M was stolen through similar means in the whole of last year. This year surpassed last year’s numbers in just 6 months.

As phishing schemes become increasingly sophisticated, the need for heightened security measures and user education becomes more critical than ever.

The $55 million loss underscores a vital lesson for all cryptocurrency users: the importance of vigilance and the need for robust security practices to safeguard against such high-risk threats.

The post DAI whale loses $55 million in a phishing attack appeared first on Invezz