On Tuesday, a cryptocurrency whale suffered a loss, with approximately $55.4 million worth of Dai stablecoins stolen in a phishing attack.
According to blockchain security firm CertiK, the attacker likely used a phishing tool known as Inferno Drainer to gain access to the whale’s externally owned account (EOA).
Inferno Drainer Phishing Attack
The incident was first reported by on-chain detective ZachXBT in a Telegram post, where he highlighted the breach before CertiK confirmed the news.
Inferno Drainers are known to trick victims by impersonating legitimate websites or emails of well-known cryptocurrency exchanges or decentralized finance (DeFi) protocols, ultimately compromising their private information.
The attack targeted a Maker Vault, a collateralized debt position that allows users to borrow the US dollar-pegged Dai stablecoin by depositing collateral. CertiK explained that the bad actor exploited a vulnerability to gain control of the whale’s Maker Vault via the compromised EOA.
The hacker then transferred ownership of the victim’s DSProxy #166776, a smart contract that allows users to execute multiple contract calls in a single transaction, to a new address under his control.
After gaining control, the attacker changed the protocol owner’s address to his wallet and minted nearly 56 million DAI, effectively draining the vault of its funds.
More Than $270 Million in Losses in July
This incident is the latest in a series of high-profile hacks targeting the crypto space. Earlier this week, ZachXBT reported a separate breach involving the theft of 4,064 Bitcoin (BTC), worth approximately $238 million.
The stolen BTC stash was quickly transferred to several platforms, including THORChain, KuCoin, ChangeNow, Railgun, and Avalanche Bridge.
While the exact method used in the theft remains unclear, experts believe a combination of phishing, social engineering and exploiting wallet vulnerabilities may have been involved.
According to CertiK, more than $270 million was lost in various hacks, exploits and scams on Web3 projects in July alone. This figure represents the second highest monthly loss on record in 2024, with attackers only returning $7.8 million of stolen funds.
The report highlighted the various methods used by bad actors, including exit scams, which accounted for approximately $3 million in losses, flash loans with an estimated loss of $265.8 million, and other exploits totaling about $9.8 million.
DeFi protocols have become a prime target for cybercriminals, as DEX bridge and aggregation protocol LI.FI suffered a $10 million loss due to a security breach last month.
Additionally, the hack of WazirX, which accounted for more than $230 million through the controversial mixing service Tornado Cash, left several retail investors with losses.