Last Tuesday, a major cryptocurrency holder was scammed out of nearly $55.4 million in the DAI stablecoin as a result of a phishing attack.
According to a report from blockchain security firm CertiK, the attacker is believed to have used a phishing tool known as “Inferno Drainer.”
Details:
The attack was first uncovered by investigator ZachXBT in a Telegram post, before CertiK confirmed the incident.
“Inferno Drainer” is one of the most popular phishing tools. It tricks victims by imitating legitimate websites or emails that appear to come from cryptocurrency exchanges or decentralized finance (DeFi) protocols, ultimately leading to the compromise of sensitive information.
The attack specifically targeted Maker Vault, a collateralized debt platform that allows users to borrow the dollar-pegged currency DAI by posting collateral. CertiK reported that the attacker exploited a vulnerability to access the whale’s vault through the hacked account.
Once the account was compromised, the attacker transferred ownership of the smart contract DSProxy #166,776 to a new address under their control. This contract allows users to perform multiple transactions within a single transaction.
After the thief took around $56 million worth of DAI, they changed the contract owner’s address to their own wallet, draining the victim’s funds entirely.
The attack is the latest in a series of high-profile security incidents to hit the cryptocurrency sector recently.
Earlier this week, investigator ZachXBT reported another hack that resulted in the theft of 4,064 Bitcoin (BTC), worth around $238 million.
This large amount of Bitcoin was quickly transferred across multiple platforms, including THORChain, KuCoin, ChangeNow, and Avalanche Bridge, making it more difficult to track and recover the funds.
While the details of the method used in the theft are still unclear, experts suggest that a combination of phishing, social engineering, and exploiting vulnerabilities in digital wallets may be the main culprit.