Crypto Whale Loses $55 Million In Massive Hack: Details

by

As a seasoned crypto investor with over a decade of digital currency trading under my belt, I can’t help but feel a mix of dismay and disappointment upon learning about this latest security breach that has resulted in an eye-watering loss of $55.47 million in DAI. The incident serves as yet another reminder of the precarious nature of investing in the crypto space and the importance of remaining vigilant at all times.

In a significant cyber incident, it’s been reported that a large-scale investor in cryptocurrency, known as a ‘crypto whale’, has allegedly lost approximately $55.47 million worth of DAI. This loss is believed to be the result of an intricate scam, referred to as phishing. The details of this incident were shared by blockchain analysis firm Lookonchain and cybersecurity company Certik. It appears that without authorization, the ownership of a Maker vault containing significant amounts of DAI was transferred to a malicious actor.

Here’s How The Mega Crypto Hack Happened

The story starts with an unsuspecting individual unwittingly agreeing to a transaction, which seemed harmless at first glance but was actually part of a trap. This deceptive transaction, specifically on August 20, 2024, at 5:40:47 PM UTC, stealthily transferred the control of DSProxy #166,776 to a notorious phishing address, “0x0000db5c8B030ae20308ac975898E09741e70000.”

After a change in ownership, the perpetrator employed a different account, “0x5D4b2a02c59197eb2cae95a6df9fe27af60459d4,” to fraudulently mint and withdraw 55,473,618 DAI tokens from the compromised vault. The blockchain records on Etherscan trace the attacker’s subsequent activities, which included converting around half of the stolen DAI into approximately 10,625 Ethereum (ETH).

CertiK, a leading security-focused ranking platform to analyze and monitor blockchain protocols and DeFi projects, identified the phishing technique used as part of a broader category known as Inferno Drainer. Inferno Drainer is a particularly virulent type of smart contract exploit that manipulates transaction permissions to redirect assets to addresses controlled by the attacker.

A common tactic involves hiding the threat (the exploit) in seemingly harmless or authentic-looking smart contracts. These deceptive contracts may even imitate normal contract activities, leading users to unknowingly execute transactions which ultimately give hackers authority or control over their digital possessions.

Certik stressed the critical nature of this exploit, indicating that the theft was facilitated by the attacker gaining control over the victim’s externally owned account (EOA) through deceptive means, including but not limited to, disguised malicious links or compromised interfaces.

After the occurrence, Lookonchain has been advocating for the protection of cryptocurrency assets. Through various channels, they have advised users to carefully verify transactions before confirming them and never to sign unfamiliar transactions.

2024 saw an unusually high number of crypto security issues, with July’s events contributing significantly to this trend. As per CertiK’s report, July’s losses reached a staggering $270.9 million due to multiple exploits, hacks, and fraudulent activities. However, around $7.8 million was returned to the affected parties. This total loss for July stands as the second highest monthly loss recorded in 2024.

In summary, CertiK found that exit scams were responsible for around $3 million of the overall losses, while flash loans, which are sometimes used in complex trading strategies but can also be abused to temporarily affect market prices, accounted for a whopping $265.8 million. Other exploits added approximately $9.8 million to this total.

At press time, the total crypto market cap stood at $2.053 trillion.

Crypto Whale Loses $55 Million In Massive Hack: Details

Read More

2024-08-21 18:42