A significant phishing scam has resulted in a MakerDAO governance delegate losing $11 million worth of Aave Ethereum Maker (aEthMKR) and Pendle USDe tokens, underscoring the persistent threat of such cyberattacks in the crypto realm.
Major Security Breach Detected by Scam Sniffer
In the early hours of June 23, Scam Sniffer, a renowned security watchdog, identified the incident. The delegate fell prey to the phishing scam after inadvertently signing multiple phishing signatures, a misstep that led to the unauthorized transfer of their digital assets.
Key MakerDAO Delegate Compromised
The compromised address, “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa,” dispatched 3,657 aEthMKR tokens to the recipient address “0x739772254924a57428272f429bd55f30eb36bb96.” This transaction was executed and confirmed within a swift 11-second window.
Wu Blockchain reported that Arkham identified the victim as a MakerDAO governance delegate, a pivotal figure within the MakerDAO ecosystem, instrumental in steering the protocol’s governance processes. Delegates are tasked with voting on governance proposals, polls, and executive votes, thereby shaping the strategic direction of the Maker protocol.
The Role of Delegates in MakerDAO
Delegates within MakerDAO hold significant responsibility, influencing key decisions through their votes. MakerDAO tokenholders and delegates engage in a rigorous process, voting on proposals that advance from initial polls to final executive votes. Once a proposal is approved, it undergoes a waiting period via the Governance Security Module (GSM), a safeguard designed to prevent abrupt protocol changes.
Surge in Phishing Scams
In December 2023, Cointelegraph highlighted the rise in “approval phishing” tactics used by crypto scammers. Approval phishing involves duping victims into signing transactions that grant scammers permission to spend tokens from their wallets, allowing them to siphon off funds. This method, while not new, has seen increased usage by scammers, notably those employing pig-butchering techniques.
Phishing scams remain a prevalent cybercrime, with perpetrators posing as trustworthy entities to deceive individuals into divulging sensitive information. In this particular case, the delegate was tricked into signing multiple permit phishing signatures, culminating in the loss of their tokens.
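A check a wallet or signing proxy could run on a permit-style request before it is signed, shown as an added example that is not code from Scam Sniffer, MakerDAO, or the original article. It assumes the request arrives as EIP-712 typed data and decodes the EIP-2612 `Permit` and Permit2 `PermitSingle` layouts; the function names, the 24-hour threshold, and the sample addresses are constructed for illustration.

```javascript
// Added example: review an EIP-712 signing request before the wallet signs it.
const MAX_UINT256 = (1n << 256n) - 1n; // "unlimited" for an EIP-2612 value
const MAX_UINT160 = (1n << 160n) - 1n; // "unlimited" for a Permit2 amount

// Extract spender, amount and deadline; null means a type this example does not decode.
function extractGrant(typedData) {
  const m = typedData.message;
  switch (typedData.primaryType) {
    case "Permit": { // EIP-2612: owner, spender, value, nonce, deadline
      const value = BigInt(m.value);
      return { spender: m.spender, unlimited: value === MAX_UINT256, deadline: BigInt(m.deadline) };
    }
    case "PermitSingle": { // Permit2: amount sits in message.details
      const amount = BigInt(m.details.amount);
      return { spender: m.spender, unlimited: amount === MAX_UINT160, deadline: BigInt(m.sigDeadline) };
    }
    default:
      return null;
  }
}

// Returns a list of findings; an empty list means nothing was flagged.
function reviewSigningRequest(typedData, trustedSpenders, nowSec) {
  const grant = extractGrant(typedData);
  if (grant === null) { // still surface permit-like types we cannot decode
    return /permit/i.test(typedData.primaryType)
      ? ["undecoded permit-style type: " + typedData.primaryType] : [];
  }
  const findings = ["off-chain signature grants a token allowance"];
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  if (!trusted.includes(grant.spender.toLowerCase())) {
    findings.push("spender not in trusted list: " + grant.spender);
  }
  if (grant.unlimited) findings.push("unlimited amount");
  if (grant.deadline - BigInt(nowSec) > 86400n) findings.push("signature valid for more than 24h");
  return findings;
}

// Constructed sample request; the addresses are placeholders, not from the incident.
const SAMPLE = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", chainId: 1, verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: {
    owner: "0x2222222222222222222222222222222222222222",
    spender: "0x3333333333333333333333333333333333333333",
    value: MAX_UINT256.toString(), nonce: "0", deadline: "1900000000" },
};
console.log(reviewSigningRequest(SAMPLE, [], 1719100000));
```

A request that passes every check still returns the first finding, because any permit signature hands spending rights to the named spender without an on-chain transaction from the owner.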
Financial Impact of Phishing Scams
A report from Scam Sniffer published earlier in 2024 revealed that phishing scams drained $300 million from 320,000 users in 2023 alone. Among the most severe incidents documented, a single victim lost an astonishing $24.05 million due to phishing signatures involving the Permit, Permit2, approve, and increaseAllowance functions.
Conclusion
This incident underscores the ever-present dangers of phishing scams in the cryptocurrency space. It serves as a stark reminder for all participants to exercise heightened vigilance and adopt robust security measures to protect their digital assets. The crypto community must continue to innovate and implement sophisticated defenses to stay ahead of cybercriminals exploiting these vulnerabilities.