In a major crypto theft incident, a crypto whale lost approximately $55.4 million worth of DAI stablecoin to a phishing attack.
According to on-chain sleuth ZachXBT, the attack occurred on Tuesday, August 21st.
Security firm CertiK revealed that the attacker likely accessed the victim’s externally owned account (EOA) using a malicious tool called Inferno Drainer.
This phishing tool tricks users into providing their private information through fake websites or emails that impersonate legitimate crypto exchanges and DeFi protocols.
By compromising the victim’s EOA, which controlled a Maker vault, the attacker was able to steal the large sum of DAI stablecoin.
Maker Vaults allow users to borrow DAI by depositing collateral, and the hacker exploited a vulnerability to drain the vault.
Stolen ETH Moved to Tornado Cash
In the aftermath of the attack, on-chain monitoring by PeckShield has revealed that the phishing address used to steal the $55.4 million in DAI has now transferred 900 ETH (worth approximately $3.6 million) to the Tornado Cash cryptocurrency mixing service.
This is a common tactic employed by hackers to obfuscate the trail of stolen funds and make them harder to trace.
Also Read: X Platform Overrun By 300+ Crypto Scam Accounts A Day, Victims Defrauded of $3 Million
Heightened Crypto Scam Landscape
This high-profile phishing incident is part of a broader trend of increasing cryptocurrency-related scams and fraud around the world.
A recent report found that American founders account for 43% of all global crypto scams and failed projects, with China and the UK ranking second and third respectively.
Other notable crypto scam cases include a $12 million investigation in India involving the “HPZ Token,” as well as a $300,000 theft by a fake Uber driver in Arizona who stole passengers’ cryptocurrency.Â
The U.S. Securities and Exchange Commission has also cracked down on a $2.9 million Bitcoin fraud scheme involving three Nigerians impersonating financial professionals.
Importance of Security Awareness
This high-profile phishing attack underscores the critical need for heightened security awareness among cryptocurrency users.
Employing best practices such as verifying website URLs, enabling two-factor authentication, and avoiding unsolicited messages are essential to protect against such malicious activities.
As the crypto ecosystem continues to grow, vigilance and proactive security measures will be crucial to safeguard user funds and maintain trust in the industry.
Also Read: Indian Government Cracks Down on 17 Crypto Exchanges for Massive Tax Fraud Worth $97.1M