New York, Monday, August 26, 2024 – A crypto whale lost $55.4 million worth of Dai stablecoins in a phishing attack, marking one of the largest individual losses in recent memory. On-chain analyst ZachXBT reported the breach on Tuesday, August 20.
Security firm CertiK identified the culprit as Inferno Drainer, a phishing tool that lures victims through fake websites or emails mimicking legitimate exchanges or DeFi protocols.
The attacker exploited a vulnerability in the victim’s externally owned account (EOA) controlling a Maker vault.
Maker Vaults are collateralized debt positions allowing users to borrow Dai by depositing collateral.
The attacker gained control of the vault by transferring the ownership of the user’s DSProxy, a smart contract that facilitates multiple contract calls in one transaction, to a new address. The attacker then set their wallet as the protocol’s owner and minted 55,473,618 Dai into it.
The incident underscores the growing threat of phishing attacks in the DeFi space, with decentralized protocols frequently targeted. Last month, DEX aggregation and bridging protocol LI.FI suffered a $10 million loss due to a security breach.
According to Immunefi’s July report, the crypto industry has lost over $1.19 billion to hacks and scams in the year leading up to July 2024.
This latest attack highlights the ongoing risks associated with DeFi platforms and the importance of robust security measures in protecting digital assets.
