Crypto Whale Targeted
On Tuesday, a significant cryptocurrency whale experienced a devastating loss, with nearly $55.4 million in Dai stablecoin being stolen in a sophisticated phishing attack.
Blockchain security firm CertiK reported that the attacker likely employed a phishing tool known as Inferno Drainer to compromise the whale’s externally owned account (EOA).
Inferno Drainer Phishing Attack
The incident was initially uncovered by on-chain investigator ZachXBT, who alerted the community via a Telegram post. CertiK later confirmed the breach.
Inferno Drainers are infamous for tricking victims by impersonating legitimate websites or sending fraudulent emails from reputable cryptocurrency exchanges or decentralized finance (DeFi) platforms, ultimately leading to the theft of sensitive information.
This attack specifically targeted a Maker Vault, a collateralized debt position that enables users to borrow Dai stablecoins, which are pegged to the U.S. dollar, by depositing collateral. According to CertiK, the attacker exploited a vulnerability to seize control of the whale’s Maker Vault through the compromised EOA.
Once the hacker gained access, they transferred ownership of the victim’s DSProxy #166,776—a smart contract that allows users to execute multiple contract calls in one transaction—to a new address under their control.
After securing control, the attacker changed the protocol’s owner address to their own wallet and minted nearly 56 million in Dai, effectively depleting the vault’s funds.
Over $270 Million Lost in July Alone
This event adds to a growing list of high-profile hacks plaguing the cryptocurrency space. Earlier this week, ZachXBT reported another major breach involving the theft of 4,064 Bitcoin (BTC), valued at approximately $238 million.
The stolen Bitcoin was quickly laundered across various platforms, including THORChain, KuCoin, ChangeNow, Railgun, and Avalanche Bridge.
While the precise techniques used in the heist are still under investigation, experts suspect a combination of phishing, social engineering, and wallet vulnerabilities may have been exploited.
CertiK’s data revealed that more than $270 million was lost to hacks, exploits, and scams across Web3 projects in July alone. This figure represents the second-highest monthly loss in 2024, with attackers returning only $7.8 million of the stolen funds.
The report detailed the various tactics employed by these cybercriminals, including exit scams, which led to losses of around $3 million, flash loan exploits totaling approximately $265.8 million, and other breaches amounting to $9.8 million.
DeFi protocols remain a prime target for cyberattacks. Last month, the DEX aggregation and bridging protocol LI.FI suffered a $10 million loss due to a security breach.
In addition, the WazirX hack saw over $230 million laundered through the controversial mixing service Tornado Cash, leaving numerous retail investors grappling with significant losses.
Leave a comment