A MakerDAO governance delegate has fallen prey to a sophisticated phishing attack, resulting in the theft of $11 million worth of Aave Ethereum Maker (aEthMKR) and Pendle USDe tokens. The incident was flagged by Scam Sniffer in the early hours of June 23, 2024. The delegate was compromised by signing multiple fraudulent signatures, which ultimately led to the unauthorized transfer of digital assets.
Key Exploitation of MakerDAO Delegate
The compromised assets were swiftly transferred from the delegate’s address, “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa,” to the scammer’s address, “0x739772254924a57428272f429bd55f30eb36bb96,” with the transaction confirmed in merely 11 seconds. This governance delegate played a crucial role in MakerDAO, a decentralized finance (DeFi) platform responsible for significant decision-making processes.
Governance delegates within MakerDAO are pivotal, voting on various proposals that influence the protocol’s development and operations. They participate in polls and executive votes that ultimately decide the implementation of new measures into the Maker protocol. Typically, MakerDAO tokenholders and delegates progress proposals from initial polls to final executive votes, followed by a security waiting period known as the Governance Security Module (GSM) to ensure stability and prevent abrupt changes.
Rising Threat of Phishing Scams
Phishing scams have been on the rise, with Cointelegraph reporting in December 2023 that scammers increasingly employ “approval phishing” tactics. These scams trick users into authorizing transactions that give attackers access to their wallets, thereby enabling them to steal funds. Chainalysis has noted that such methods, often utilized by “pig-butchering” scammers, are becoming more prevalent.
Phishing scams typically involve attackers posing as trustworthy entities to extract sensitive information from victims. In this case, the governance delegate was deceived into signing multiple phishing signatures, which facilitated the asset theft.
A report by Scam Sniffer earlier in 2024 highlighted that phishing scams resulted in the loss of $300 million from 320,000 users in 2023 alone. One of the most severe incidents documented involved a single victim losing $24.05 million due to various phishing techniques, including permit, Permit2, approve, and increaseAllowance.
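The techniques named above all end in a request the victim signs, so they can be checked before signing. The Python example below is added here for illustration and is not code from Scam Sniffer, MakerDAO or the original article: it classifies a pending request (raw transaction calldata or an EIP-712 typed-data message) as an allowance grant and blocks it unless the spender is on a known-good list. The `allowlist` parameter, the placeholder addresses and the sample requests are constructed assumptions.

```python
# Added example: flag wallet requests that grant token-spending rights.
# All addresses and sample requests below are constructed placeholders.
MAX_UINT256 = 2**256 - 1
MAX_UINT160 = 2**160 - 1  # Permit2 allowance amounts are uint160
SELECTORS = {
    "095ea7b3": "approve",            # ERC-20 approve(address,uint256)
    "39509351": "increaseAllowance",  # OpenZeppelin increaseAllowance(address,uint256)
}
SPENDER = "0x" + "11" * 20  # constructed spender address
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
SAMPLE_PERMIT = {"primaryType": "Permit",  # EIP-2612 typed data (constructed)
                 "message": {"spender": SPENDER, "value": str(MAX_UINT256)}}

def _num(v):
    """Typed-data integers arrive as ints, decimal strings or 0x-hex strings."""
    return v if isinstance(v, int) else int(v, 0)

def check_calldata(data_hex):
    """Return a finding if calldata is an allowance call, else None."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    name = SELECTORS.get(data[:8])
    if name is None or len(data) < 8 + 128:
        return None
    spender = "0x" + data[8 + 24:8 + 64]    # low 20 bytes of the first word
    amount = int(data[8 + 64:8 + 128], 16)  # second 32-byte word
    return {"kind": name, "spender": spender, "unlimited": amount == MAX_UINT256}

def check_typed_data(td):
    """Return a finding if an EIP-712 request is a Permit or Permit2 grant."""
    kind, msg = td.get("primaryType"), td.get("message", {})
    if kind == "Permit":          # EIP-2612 permit
        amount, limit = _num(msg["value"]), MAX_UINT256
    elif kind == "PermitSingle":  # Permit2 allowance
        amount, limit = _num(msg["details"]["amount"]), MAX_UINT160
    else:
        return None
    return {"kind": kind, "spender": msg["spender"].lower(),
            "unlimited": amount == limit}

def review(request, allowlist=frozenset()):
    """Return (verdict, finding); BLOCK when the spender is not allowlisted."""
    is_tx = isinstance(request, str)
    finding = check_calldata(request) if is_tx else check_typed_data(request)
    if finding is None:
        return "OK", None
    return ("ALLOW" if finding["spender"] in allowlist else "BLOCK"), finding

if __name__ == "__main__":
    for req in (SAMPLE_APPROVE, SAMPLE_PERMIT):
        print(review(req))
```

An off-chain permit never appears as a transaction from the victim, which is why the typed-data branch matters as much as the calldata branch.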
Summary
This incident underscores the critical need for heightened security measures and vigilance within the DeFi space, as phishing tactics continue to evolve and pose significant risks to digital asset holders.