A crypto whale has fallen victim to a sophisticated phishing attack, resulting in the loss of approximately $55.4 million worth of Dai stablecoins. The attack, reported by on-chain investigator ZachXBT and confirmed by security firm CertiK, involved the use of a phishing tool called Inferno Drainer. This tool lures victims into providing sensitive information through fake websites or emails that mimic legitimate cryptocurrency exchanges or DeFi protocols. Once access to the whale’s EOA was obtained, the attacker exploited a vulnerability to take control of a Maker Vault where the Dai stablecoins were stored.
Maker Vaults function as collateralized debt positions where users can borrow Dai stablecoins by depositing collateral. After gaining control of the victim’s EOA, the attacker transferred ownership of the victim’s DSProxy smart contract to a new address they controlled. This allowed the attacker to change the vault’s owner address to their own and mint the stolen Dai stablecoins directly into their wallet. Further investigation by security firm Blocksec revealed that the attacker tricked the victim into signing a transaction that changed the ownership of the vault, enabling them to carry out the theft successfully.
Despite the increase in specific types of criminal activities within the crypto sector, overall illicit cryptocurrency transactions saw a decline in 2024 according to a Chainalysis report. The report, released as part of the mid-year crypto crime update, highlighted a rise in hacking and ransomware attacks. Stolen funds through hacking and ransomware attacks increased significantly, with the cumulative value of stolen cryptocurrencies reaching $1.58 billion by the end of July, marking an 84% increase compared to the same period in 2023. The report noted a surge in the average value stolen per hack, with hackers stealing approximately $266 million in July alone through 16 separate breaches.
One notable incident in July was the attack on Indian crypto exchange WazirX, which accounted for over $230 million of the total losses for the month. Other significant victims of crypto hacks included Compound Finance, Li.Fi, Bittensor, and Rho Markets. In contrast, June saw a lower loss of $176 million spread across approximately 20 incidents, emphasizing the sharp increase in stolen assets within just one month. Despite the challenges posed by cybercriminals, efforts are being made to enhance security measures and safeguard the crypto community against such attacks.
