Blockchain security platform Scam Sniffer reported that a crypto trader lost $55.47 million in DAI stablecoin to a phishing attack.
According to the firm, the trader lost their assets after mistakenly transferring ownership of their collateralized debt position (CDP) on DeFi Saver Proxy to a malicious wallet.
DeFi Saver Proxy is a proxy contract deployed by Maker, the issuer of DAI stablecoin, for traders managing collateralized debt positions (CDPs).
The victim, identified as ‘0xf2B8,’ executed a ‘SetOwner’ transaction, unknowingly redirecting ownership of their DeFi Saver Proxy contract to a phishing address. When the victim attempted to execute a transaction, it failed because they no longer owned the DeFi Saver Proxy.
The attacker then transferred ownership to another address and drained the entire $55.47 million in DAI from the victim’s account.
Yu Xian, the founder of blockchain security firm SlowMist, pointed out that the attacker utilized the notorious Inferno Drainer crypto wallet-draining kit to perpetrate the attack.
Meanwhile, the blockchain analytical platform Lookonchain stated that the attacker had exchanged 27.5 million DAI for 10,625 ETH as of press time.
Phishing exploits
This latest exploit highlights the continued threat of phishing attacks in the crypto industry. In these frauds, attackers impersonate legitimate entities to steal sensitive data and gain access to their victims’ crypto wallets.
According to a report by Scam Sniffer, Wallet Drainers, a type of phishing malware, are often used on these phishing websites to trick users into signing malicious transactions. This year alone, over $314 million worth of digital assets were stolen through phishing exploits in the first half of 2024.
These attacks affected 266,713 victims and involved various phishing methods, including Permit, Increase Allowance, Increase Approval, and Uniswap Permit2. Pendle tokens were the most affected assets, followed by Restaking and Aave Collateral assets.