The increasing phishing attacks in the crypto ecosystem have found their next victim. This time, a governance participant in the MakerDAO ecosystem lost million in Aave Ethereum Maker (aETHMKR) and USDe tokens to an attacker who mercilessly siphoned the funds away from their wallet. They signed multiple transactions on a spoofed application, which was all that was needed for the hacker to make away with the million. About 3,657 aETHMKR tokens got transferred in the process through a transaction that witnessed a confirmation in 11 seconds. On-chain reveals that the transaction occurred between 0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa, the victim’s wallet, and 0x739772254924a57428272f429bd55f30eb36bb96, the scammer’s wallet, on June 23. Scam Sniffer detected the scam and
Topics:
Suraj Manohar considers the following as important: News, Security & Ransomware
This could be interesting, too:
Temitope Olatunji writes X Empire Unveils ‘Chill Phase’ Update: Community to Benefit from Expanded Tokenomics
Bhushan Akolkar writes Cardano Investors Continue to Be Hopeful despite 11% ADA Price Drop
Bena Ilyas writes Stablecoin Transactions Constitute 43% of Sub-Saharan Africa’s Volume
Chimamanda U. Martha writes Crypto Exchange ADEX Teams Up with Unizen to Enhance Trading Experience for Users
The increasing phishing attacks in the crypto ecosystem have found their next victim. This time, a governance participant in the MakerDAO ecosystem lost $11 million in Aave Ethereum Maker (aETHMKR) and USDe tokens to an attacker who mercilessly siphoned the funds away from their wallet.
They signed multiple transactions on a spoofed application, which was all that was needed for the hacker to make away with the $11 million. About 3,657 aETHMKR tokens got transferred in the process through a transaction that witnessed a confirmation in 11 seconds.
On-chain reveals that the transaction occurred between 0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa, the victim’s wallet, and 0x739772254924a57428272f429bd55f30eb36bb96, the scammer’s wallet, on June 23.
Scam Sniffer detected the scam and immediately posted on X, “5 hours ago, a victim lost $11 million worth of aEthMKR and Pendle USDe tokens due to signing multiple Permit phishing signatures.”
Arkham Intelligence narrowed down the victimized wallet’s owner to be a MakerDAO governance delegate through its holdings and transaction history. Governance delegates are part of MakerDAO’s decision-making community, voting on issue proposals that will eventually undergo executive decision to witness approval if favorable.
They influence the future of the dApp through consensus-based practices leading to upgrades, changes in interest rates for the protocol’s lending and borrowing use case, and more. So, governance delegates are an integral part of the MakerDAO ecosystem.
The form of phishing scam this delegate got sucked into is referred to as a permit phishing scam. In general, phishing scams cause losses in the millions in the crypto ecosystem. 2023 saw them steal about $300 million from about 320,000 users.
Scammers essentially gain access to user funds through falsified transactions that take the assets to a different source than what the victims appear to approve.
While half of 2024 remains, the number of reported incidents of scams is concerning.