A sophisticated phishing attack has led to the loss of approximately $55.4 million worth of Dai stablecoins by a major crypto whale. The incident was initially reported by on-chain investigator ZachXBT and later verified by the security firm CertiK.
Phishing Attack Details
The attack was carried out using a phishing tool known as Inferno Drainer. This tool deceives victims into providing sensitive information through counterfeit websites or emails that closely resemble legitimate cryptocurrency exchanges or decentralized finance (DeFi) platforms.
Once the attacker gained access to the whale’s externally owned account (EOA), they exploited a vulnerability to take control of a Maker Vault. Maker Vaults are collateralized debt positions where users can borrow Dai stablecoins by depositing collateral.
Exploitation of Maker Vault
With control of the whale’s EOA, the attacker transferred the ownership of the victim’s DSProxy—a smart contract that facilitates multiple contract calls in a single transaction—to a new address they controlled. This enabled the attacker to change the vault’s owner address to their own and mint 55,473,618 Dai stablecoins directly into their wallet.
Security firm Blocksec confirmed that the attacker tricked the victim into signing a transaction that altered the vault’s ownership. On-chain data revealed that the Maker Vault’s DSProxy ownership was shifted to an address labeled Fake_Phishing187019 on Etherscan during the phishing attack. This address later transferred the ownership to another address, 0x5D4b2, which is now involved in withdrawing and possibly laundering the stolen funds.
Blocksec analyst Jingyi Guo noted that the victim likely signed a phishing transaction, as their attempts to invoke the DSProxy failed once ownership was transferred.
Trends in Illicit Crypto Transactions
Despite the high-profile nature of this phishing attack, recent data from Chainalysis reveals a decline in overall illicit cryptocurrency transactions in 2024. The mid-year crypto crime update, released on August 15, highlights that while total illicit transactions are down, specific types of criminal activities, such as hacking and ransomware attacks, have surged.
By the end of July 2024, the total value of stolen cryptocurrencies had reached $1.58 billion, marking an 84% increase compared to the same period in 2023. Although the number of hacking incidents rose only slightly by 2.8% year-over-year, the average value stolen per hack increased significantly.
In July alone, hackers stole approximately $266 million across 16 separate breaches, causing considerable losses to the crypto sector. The attack on Indian crypto exchange WazirX on July 18 was particularly notable, accounting for over $230 million, or 86.4%, of the month’s total losses. Other significant victims included algorithmic protocol Compound Finance ($24 million lost), bridging protocol Li.Fi ($10 million), decentralized AI protocol Bittensor ($8 million), and liquidity provider Rho Markets ($8 million).
In contrast, June saw a lower total loss of $176 million spread across around 20 incidents, underscoring the sharp increase in stolen asset values in July.
