Crypto trader loses $55M in DAI to phishing attack using Inferno Drainer kit

08/21/2024 18:45
Crypto trader loses $55M in DAI to phishing attack using Inferno Drainer kit

Inferno Drainer phishing kit used in $55 million DAI theft from DeFi user, according to a Scam Sniffer report.

Crypto trader loses $55M in DAI to phishing attack using Inferno Drainer kit Crypto trader loses $55M in DAI to phishing attack using Inferno Drainer kit 51 mins ago · 1 min read

The attacker has reportedly converted some of the stolen assets into Ethereum.

1 min read

Updated: Aug. 21, 2024 at 12:19 pm UTC

Crypto trader loses $55M in DAI to phishing attack using Inferno Drainer kit

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Blockchain security platform Scam Sniffer reported that a crypto trader lost $55.47 million in DAI stablecoin to a phishing attack.

According to the firm, the trader lost their assets after mistakenly transferring ownership of their collateralized debt position (CDP) on DeFi Saver Proxy to a malicious wallet.

DeFi Saver Proxy is a proxy contract deployed by Maker, the issuer of DAI stablecoin, for traders managing collateralized debt positions (CDPs).

The victim, identified as ‘0xf2B8,’ executed a ‘SetOwner’ transaction, unknowingly redirecting ownership of their DeFi Saver Proxy contract to a phishing address. When the victim attempted to execute a transaction, it failed because they no longer owned the DeFi Saver Proxy.

The attacker then transferred ownership to another address and drained the entire $55.47 million in DAI from the victim’s account.

Yu Xian, the founder of blockchain security firm SlowMist, pointed out that the attacker utilized the notorious Inferno Drainer crypto wallet-draining kit to perpetrate the attack.

Meanwhile, the blockchain analytical platform Lookonchain stated that the attacker had exchanged 27.5 million DAI for 10,625 ETH as of press time.

Phishing exploits

This latest exploit highlights the continued threat of phishing attacks in the crypto industry. In these frauds, attackers impersonate legitimate entities to steal sensitive data and gain access to their victims’ crypto wallets.

According to a report by Scam Sniffer, Wallet Drainers, a type of phishing malware, are often used on these phishing websites to trick users into signing malicious transactions. This year alone, over $314 million worth of digital assets were stolen through phishing exploits in the first half of 2024.

These attacks affected 266,713 victims and involved various phishing methods, including Permit, Increase Allowance, Increase Approval, and Uniswap Permit2. Pendle tokens were the most affected assets, followed by Restaking and Aave Collateral assets.

Mentioned in this article
Latest Alpha Market Report
Latest Press Releases

Read more --->