- Blockbasis
- Posts
- Whale Loses $55M in DAI to Phishing Attack
Whale Loses $55M in DAI to Phishing Attack
How a Crypto Whale Fell Victim to a Sophisticated $55 Million Phishing Scam, Resulting in the Loss of Millions in DAI and Highlighting the Rising Threats in the Crypto Space
Blockbasis
August 23, 2024
In partnership with
TL;DR
A crypto whale lost $55.47 million in a sophisticated phishing attack targeting their Maker vault. The attacker gained control of the whale’s DSProxy, enabling them to withdraw 55.47 million DAI. The stolen funds were partially laundered, with 27.5 million DAI converted into 10,625 ETH.
Make Sure This Hack Doesn’t Happen To You 🫵
Subscribe to Blockbasis and get access to our premium scanner to check whether your the funds in your wallet is safeguarded from hacks 🔐
For a limited period only, you can get a 7 day FREE trial!
Tried to scan your wallet for any exploited contracts connected to your wallet?
If not, you probably should. Better be safe than sorry 🙏
— Blockbasis (@Blockbasis)
1:19 PM • May 6, 2022
All for just $50/month after the trial.
Don't miss out! Grab your FREE trial today 👇
A crypto whale fell victim to a cunning phishing scam, resulting in a staggering $55.47 million loss.
On August 20, blockchain investigator ZachXBT noticed something suspicious—55.47 million DAI suddenly vanished from a high-value wallet.
Realizing the threat, the whale tried to relocate their assets to a secure location. Unfortunately, the damage was already done; the scammer had already taken control, rendering the transaction unsuccessful. In moments, the substantial funds were gone.
This incident underscores the persistent risks in the crypto world. Even experienced holders can be caught off guard by sophisticated schemes, serving as a costly lesson on the need for vigilance in protecting digital assets.
In what can only be described as a textbook phishing operation, the victim unknowingly signed a malicious transaction, effectively handing over control of 55.47 million DAI.
The attacker, now in control of the whale's externally owned account (EOA), focused on the true target: a Maker Vault.
#CertiKInsight 🚨
Inferno Drainer (Fake_Phishing187019) set the owner address of a Maker vault to 0x5d4b2a02c59197eb2cae95a6df9fe27af60459d4 and minted 55,473,618 Dai tokens (~$55M) to it.
Stay Vigilant!
— CertiK Alert (@CertiKAlert)
4:39 AM • Aug 21, 2024
With precision, the attacker transferred the ownership of the whale's DSProxy, a smart contract designed to bundle multiple actions in a single transaction to their own wallet.
This strategic move allowed the hacker to alter the vault’s ownership and drain 55,473,618 DAI stablecoins directly into their account.
The sophisticated phishing attack involved three key addresses:
Victim’s Address: 0xf2B889437F243396b29E829908b5d8ebE2e13048
Phishing Address: 0x0000db5c8B030ae20308ac975898E09741e70000
Attacker’s Withdrawal Address: 0x5D4b2A02c59197eB2cAe95A6Df9fE27af60459d4
The main transaction where the funds were siphoned off can be viewed here: 0xf70042bf3ae7c22f0680f8afa078c38989ed475dfbe5c8d8f30a50d4d2f45dc4.
Blockchain analytics firm Lookonchain revealed that the attacker wasted no time in laundering their stolen assets. Out of the $55.47 million DAI taken, 27.5 million DAI had already been swapped for 10,625 ETH by the time of reporting.
Once funds enter the shadowy corners of crypto transactions, reclaiming them becomes a daunting task. As the stolen assets are quickly dispersed, the chances of recovery dwindle.
Whether the remaining funds will be salvaged or vanish forever remains uncertain—likely to sink deeper into the abyss of crypto’s dark waters.
This attack underscores the persistent threat phishing poses in the crypto world. According to CertiK, nearly $498 million was lost to phishing schemes in just the first half of 2024, making it a favored tactic for cybercriminals.
Jingyi Guo, an analyst at Blocksec, pointed out that the victim likely signed a phishing transaction, as evidenced by their failed attempts to regain control of the DSProxy after ownership had already shifted.
In a space where one wrong click can result in significant losses, the importance of robust security measures cannot be overstated.
As threats grow more sophisticated, users must be more vigilant than ever in safeguarding their digital assets.
In today’s crypto landscape, multi-factor authentication, hardware wallets, and a healthy dose of skepticism have become as critical as a life jacket in a storm.
This whale’s misfortune serves as a stark warning to anyone navigating these unpredictable waters.
Before signing any transaction, it’s worth remembering that there’s always a bigger phish lurking in the depths, ready to reel you in if you let your guard down. Even the mightiest whales aren’t immune to a cleverly baited trap.
As phishing schemes grow more advanced and cybercriminals become bolder, the search for secure havens in the crypto world becomes ever more challenging.
The question remains: In an increasingly perilous digital ocean, is any safe harbour left?
Power your competitive advantage with intelligent automation from ELEKS
ELEKS' intelligent automation service transforms your business operations through data-driven solutions. We automate complex tasks, streamlining processes to increase productivity and reduce operational costs. Our tailored solutions adapt to your changing needs and help you unlock new growth opportunities by freeing your team to focus on high-value tasks.
The result? Enhanced customer satisfaction, improved client retention, and a stronger market position.