Crypto whale loses $55 million in Dai stablecoin to phishing attack
Quick Take
- A crypto whale lost $55.4 million in Dai stablecoins due to a phishing attack.
- The exploited vulnerability involved accessing the victim’s EOA controlling a Maker vault.
- The attacker then transferred the ownership of the victim’s decentralized service proxy (DSProxy) to a new address, effectively taking control of the Maker vault and the associated assets.
On Tuesday, a crypto whale lost about $55.4 million worth of Dai stablecoin to a phishing attack, on-chain sleuth ZachXBT first noted.
Security firm CertiK noted that the attacker likely accessed EOA using Inferno Drainer. This phishing tool lures victims using fake websites or emails representing legitimate exchanges or DeFi protocols and then steals the user’s private information.
It explained that a malicious actor utilized a vulnerability to access the user’s externally owned account (EOA) that controlled a Maker vault. Maker Vaults are collateralized debt positions that allow users to borrow the U.S. dollar-pegged Dai stablecoin by depositing collateral.
Certik added that the attacker used the EOA to transfer the ownership of the user’s DSProxy (decentralized service proxy) to a new address controlled by the attacker. A DSProxy is a smart contract that enables users to execute multiple contract calls in one transaction.
Having gained control of the Maker vault, the attacker set the protocol's owner address to their wallet address and minted 55,473,618 Dai stablecoins into it.
The attacker controlled the victim's account
Security firm Blocksec confirmed this to The Block, adding that the attacker lured the victim into signing a TX to change the vault owner and then executed a TX to drain the vault. It explained that on-chain data suggested the Maker Vault owner likely assigned ownership of the DSProxy to the address labeled Fake_Phishing187019 on Etherscan during the phishing transaction.
Subsequently, Fake_Phishing187019 transferred ownership to the address 0x5D4b2, which is now handling further withdrawals and potential money laundering activities, including the withdrawal of the victim’s DAI.
"The victim tried to invoke DSProxy. However, since they were no longer the owner address of DSProxy, the invocation failed. Given this, the likelihood of the victim signing a phishing transaction is higher than the possibility of their private key being compromised," Blocksec analyst Jingyi Guo said.
DeFi protocols continue to be the center of cryptocurrency hacks, with DEX aggregation and bridging protocol LI.FI’s security breach last month resulted in losses of $10 million. Immunefi’s July report said the crypto industry saw over $1.19 billion in losses year-to-date due to hacks and scams.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
