Legal Notice: Nothing on the website constitutes professional and/or financial advice. All the content on the website is for informational purposes only. We have prepared all information herein from sources we believe to be accurate and reliable. However, such information is presented as is,” without warranty of any kind – whether expressed or implied. You acknowledge and agree that there are numerous risks associated with purchasing cryptocurrencies.
On Tuesday, a significant cryptocurrency whale experienced a devastating loss, with nearly $55.4 million in Dai stablecoin being stolen in a sophisticated phishing attack.
Blockchain security firm CertiK reported that the attacker likely employed a phishing tool known as Inferno Drainer to compromise the whale’s externally owned account (EOA).
Inferno Drainer Phishing Attack
The incident was initially uncovered by on-chain investigator ZachXBT, who alerted the community via a Telegram post. CertiK later confirmed the breach.
Inferno Drainers are infamous for tricking victims by impersonating legitimate websites or sending fraudulent emails from reputable cryptocurrency exchanges or decentralized finance (DeFi) platforms, ultimately leading to the theft of sensitive information.
This attack specifically targeted a Maker Vault, a collateralized debt position that enables users to borrow Dai stablecoins, which are pegged to the U.S. dollar, by depositing collateral. According to CertiK, the attacker exploited a vulnerability to seize control of the whale’s Maker Vault through the compromised EOA.
Once the hacker gained access, they transferred ownership of the victim’s DSProxy #166,776—a smart contract that allows users to execute multiple contract calls in one transaction—to a new address under their control.
After securing control, the attacker changed the protocol’s owner address to their own wallet and minted nearly 56 million in Dai, effectively depleting the vault’s funds.
Over $270 Million Lost in July Alone
This event adds to a growing list of high-profile hacks plaguing the cryptocurrency space. Earlier this week, ZachXBT reported another major breach involving the theft of 4,064 Bitcoin (BTC), valued at approximately $238 million.
The stolen Bitcoin was quickly laundered across various platforms, including THORChain, KuCoin, ChangeNow, Railgun, and Avalanche Bridge.
While the precise techniques used in the heist are still under investigation, experts suspect a combination of phishing, social engineering, and wallet vulnerabilities may have been exploited.
CertiK’s data revealed that more than $270 million was lost to hacks, exploits, and scams across Web3 projects in July alone. This figure represents the second-highest monthly loss in 2024, with attackers returning only $7.8 million of the stolen funds.
The report detailed the various tactics employed by these cybercriminals, including exit scams, which led to losses of around $3 million, flash loan exploits totaling approximately $265.8 million, and other breaches amounting to $9.8 million.
DeFi protocols remain a prime target for cyberattacks. Last month, the DEX aggregation and bridging protocol LI.FI suffered a $10 million loss due to a security breach.
In addition, the WazirX hack saw over $230 million laundered through the controversial mixing service Tornado Cash, leaving numerous retail investors grappling with significant losses.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Leave a comment