On August 21, 2024, a crypto whale was robbed of the equivalent of $55.4 million. The reason? A sophisticated phishing attack. We'll explain.
A little story about the $55 million hack!
The attack began with the use of Inferno Drainer, a phishing tool designed to trap users through fake websites and emails that mimic trusted platforms. Once the victim is in, the attacker gains access to the victim’s external wallet, or EOA (externally owned account), which manages the Maker vault. This vault, a type of collateralized debt position, allows users to borrow DAI stablecoins by depositing assets as collateral.
Once they had control of the EOA, the hackers transferred ownership of the victim’s DSProxy (a smart contract used to simplify complex transactions) to an address under their control. This manipulation gave them full access to funds stored in the Maker vault.
After securing DSProxy, the attacker changed the address of the safe deposit box owner, redirecting all 55.4 million DAI to his own wallet. Well-known experts Certik and ZackXBT confirmed that the scammer attempted to get the victim to sign a transaction without their knowledge, ceding control of the vault to him. The transfer was then hidden using an address named “Fake_Phishing187019” on Etherscan, before being redirected to another address for withdrawal or laundering.
After being taken away, the victim tried to regain control of DSProxy, but the manipulation was consumed. Suffice it to say that this short story reminds us that our ecosystem is full of beautiful promises, but also full of dangers! One wrong click, and that’s the entire wallet evaporated. So, and that will be the big word at the end of this short story: caution is the mother of safety.
DYOR! #Write2Win #Write&Earn #daihan