In a bizarre turn of events, on-chain data shows that a DeFi whale recently lost over $55 million in DAI stablecoins to a phishing scam after signing a fraudulent transaction. His funds were stored in Maker, a decentralized finance protocol built on Ethereum.
Details of the Phishing Attack
According to an on-chain analysis by Lookonchain, the phishing attack occurred when the whale, who held a significant amount of DAI in Maker, signed an unknown transaction, resulting in a loss of $55.47 million.
A whale lost 55.47M $DAI in a phishing attack!
How did it happen?👇
The whale carelessly signed an unknown transaction 13 hours ago, setting the owner of his 55.47M $DAI in Maker to the phishing address "0x0000db5c…41e70000". https://t.co/jpIz4pD043
When he later tried to…
— Lookonchain (@lookonchain) August 21, 2024
This act inadvertently set the owner of the whale’s funds to the scammer’s address, identified as “0x0000db5c…41e70000.” Once ownership was changed, the attacker had complete control of the whale’s 55.47 million DAI, leaving the original holder powerless.
The whale seemed to realize the mistake and attempted to withdraw the funds to a new address. However, the transaction failed due to a change in ownership.
Meanwhile, the attacker quickly transferred the stolen DAI tokens to a newly created wallet as soon as the ownership was changed. He began converting the tokens into Ethereum.
At the time of writing, the scammer has exchanged 27.5 million DAI for approximately 10,625 ETH, transferring the majority of the stolen assets via a decentralized trading protocol.
While the whale’s signing of the transaction was an apparent mistake, the incident offers a lesson that every crypto user should heed to avoid similar losses.
How to Avoid Phishing Attacks
This latest exploit highlights the continued threat of phishing attacks in the crypto industry. Earlier this year, data revealed that over $46 million worth of crypto had been lost to phishing attacks.
This has prompted various security warnings within the crypto community. For instance, following a detailed explanation of the attack, the analytics firm stated:
“When you sign a transaction, always double-check before clicking confirm and do not sign unknown transactions”.
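One way to put that advice into tooling, as an added example that is not part of the original article or of Lookonchain's analysis: a pre-signing check that decodes a transaction's data field and flags calls that would hand ownership or spending rights to an address you do not control. The article does not name the function the whale called; the selector list (including the DSAuth-style `setOwner(address)`), the name `inspect_calldata` and all addresses below are assumptions or constructed samples, and only direct calls are covered, not calls wrapped inside another contract call.

```python
# Added example: warn before signing calldata that changes an owner or grants approvals.
# A selector is the first 4 bytes of keccak-256 of the function signature.
RISKY_SELECTORS = {
    "13af4035": "setOwner(address)",            # assumed relevant: DSAuth-style ownership
    "f2fde38b": "transferOwnership(address)",
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def inspect_calldata(data_hex, my_addresses):
    """Return a list of warnings for the data field of one unsigned transaction."""
    try:
        raw = bytes.fromhex(data_hex.lower().removeprefix("0x"))
    except ValueError:
        return ["calldata is not valid hex: refuse to sign"]
    if len(raw) == 0:
        return []  # plain value transfer, no contract call to decode
    if len(raw) < 4:
        return ["calldata shorter than a selector: refuse to sign"]
    selector = raw[:4].hex()
    name = RISKY_SELECTORS.get(selector)
    if name is None:
        # "Do not sign unknown transactions": anything undecoded is a warning.
        return [f"unknown selector 0x{selector}: decode it before signing"]
    if len(raw) < 36:
        return [f"{name} with truncated argument: refuse to sign"]
    word = raw[4:36]                 # first ABI argument, one 32-byte word
    if any(word[:12]):               # an address must be left-padded with zeros
        return [f"{name} with malformed address argument: refuse to sign"]
    target = "0x" + word[12:].hex()
    if target in {a.lower() for a in my_addresses}:
        return []
    return [f"{name} gives control to {target}, which is not one of your addresses"]

if __name__ == "__main__":
    MY_ADDRESS = "0x" + "11" * 20    # constructed sample, not a real wallet
    STRANGER = "ab" * 20             # constructed sample, not the address in the article
    sample = "0x13af4035" + "00" * 12 + STRANGER
    for warning in inspect_calldata(sample, [MY_ADDRESS]):
        print("WARNING:", warning)
```
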
Another precautionary measure is to avoid giving out personal information, such as your wallet address or private keys, to anyone. Additionally, be cautious of emails, especially if they contain attachments or links, as well as websites that look suspicious or too good to be true.