A recent phishing attack targeting a prominent crypto whale has resulted in the theft of approximately $55 million worth of Dai tokens, drawing attention to the growing sophistication and frequency of cyberattacks within the Web3 ecosystem.
Attack Details
According to reports from blockchain analytics firm Lookonchain and cybersecurity experts at CertiK, the phishing scam was orchestrated by an entity identified as “Fake_Phishing187019.” The attacker successfully siphoned off 55,473,618 Dai tokens by exploiting vulnerabilities in externally owned accounts (EOAs). Similar to traditional bank accounts, these digital wallets can be compromised if not properly secured.
The breach occurred on August 20, 2024, at 5:40:47 PM UTC. The attacker deceived the victim into signing a seemingly benign transaction that, unbeknownst to the user, transferred ownership of DSProxy #166,776 to a known phishing address. This critical transaction set the stage for the subsequent theft of the Dai tokens.
Laundering Stolen Funds
Once the attacker gained control of the compromised vault, they swiftly minted and withdrew the stolen tokens. The stolen assets were then laundered through a series of complex transactions. The first phase involved transferring $36 million to an unknown address, followed by an additional $17.5 million routed through the CoW protocol.
In a bid to further obscure the trail, the hacker exchanged the stolen Dai tokens for Ethereum (ETH) and Bitcoin through Uniswap V3, a widely used decentralized exchange. This maneuver highlights the lengths to which cybercriminals will go to conceal their illicit gains, making it increasingly challenging for authorities to trace and recover the stolen assets.
The Inferno Drainer Exploit
CertiK’s analysis identified the phishing technique used in this attack as part of the broader “Inferno Drainer” category. This type of smart contract exploit manipulates transaction permissions, allowing attackers to redirect assets to addresses they control. Inferno Drainer tactics often involve embedding malicious code within contracts that appear legitimate, deceiving users into unknowingly granting access to their digital assets.
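The signed transaction described under Attack Details and the permission manipulation described above both come down to calldata that names a new controlling address. The following is an added example, not code from the article, CertiK or Lookonchain: a pre-signing check that decodes calldata and flags ownership or approval calls whose grantee is not on a trusted list. It assumes a direct call rather than one wrapped inside another call; `review_calldata`, the trusted set and the sample addresses are constructed for illustration, and `setOwner(address)` is the DSAuth function that DSProxy inherits.

```python
"""Pre-signing check: flag calldata that hands control to an unknown address."""

# First 4 bytes of keccak256(signature) for calls that transfer control.
RISKY_SELECTORS = {
    "13af4035": "setOwner(address)",                # DSAuth, inherited by DSProxy
    "f2fde38b": "transferOwnership(address)",       # Ownable-style contracts
    "095ea7b3": "approve(address,uint256)",         # ERC-20 allowance
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721/1155 operator
}
WORD = 64  # one 32-byte ABI word, in hex characters


def review_calldata(calldata, trusted):
    """Return a finding dict if the call gives control to an untrusted address."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = RISKY_SELECTORS.get(data[:8])
    if signature is None:
        return None  # not one of the calls this check covers
    args = data[8:]
    n_args = signature.count(",") + 1
    if len(args) < n_args * WORD:
        return {"call": signature, "grantee": None, "reason": "truncated arguments"}
    first = args[:WORD]
    if first[:24] != "0" * 24:  # an address is left-padded with 12 zero bytes
        return {"call": signature, "grantee": None, "reason": "malformed address word"}
    grantee = "0x" + first[24:]
    # approve(x, 0) and setApprovalForAll(x, false) revoke access: not a grant.
    if n_args == 2 and int(args[WORD:2 * WORD], 16) == 0:
        return None
    if grantee in {t.lower() for t in trusted}:
        return None
    return {"call": signature, "grantee": grantee, "reason": "untrusted grantee"}


# Constructed sample input: placeholder addresses, not values from the incident.
MY_WALLET = "0x" + "11" * 20
UNKNOWN = "0x" + "ab" * 20
SAMPLE_SET_OWNER = "0x13af4035" + "00" * 12 + "ab" * 20

if __name__ == "__main__":
    print(review_calldata(SAMPLE_SET_OWNER, {MY_WALLET}))
```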
Growing Frequency of Cyber Attacks
The recent attack is part of a concerning trend in the Web3 space, where cyberattacks are becoming more frequent and sophisticated. The July 2024 report from CertiK painted a grim picture of the current security landscape, with losses amounting to $270.9 million from various breaches, hacks, and fraud incidents. Of this staggering amount, only $7.8 million was recovered, highlighting the challenges in combating these threats. The recent WazirX hack, which resulted in a $230 million loss, is a prime example of the sector’s vulnerability.
Furthermore, CertiK also reported that in the first half of 2024, almost $500 million was stolen through phishing attacks like the one that recently targeted the decentralized exchange and staking platform MonoSwap, which had to urge users to stop staking or depositing additional funds on the platform.