A crypto holder who signed an unverified transaction lost $55 million in crypto to malicious actors who employed a phishing attack to steal the whale’s stablecoins.
On Aug. 20, a crypto wallet owner signed a transaction that changed the ownership of 55.47 million Dai (DAI) in the decentralized finance (DeFi) protocol Maker. Because of the signed transaction, a phishing address took ownership of the wallet’s stablecoins.
The whale seemed to realize the mistake and attempted to withdraw the funds to a new address. However, the transaction failed because of the owner change that already happened.
Malicious actors withdrew $55 million from the wallet
Blockchain analytics firm Lookonchain flagged that the attackers have already set the ownership to a newly created address and have withdrawn the digital assets from the platform. The attacker has exchanged 27.5 million DAI for 10,625 Ether (ETH).
The analytics firm warned users to refrain from signing unknown transactions and always double-check before clicking confirm on anything that requires a signature.
Phishing attacks deceive victims into installing fake software or signing malicious transactions to steal crypto assets. Malicious actors try to trick victims into giving up their private keys and personal information or giving them access to or ownership of wallets.
In the first half of 2024, phishing attacks resulted in almost half a billion dollars in losses. On July 3, blockchain security firm CertiK reported that almost $498 million were lost to phishing attacks within the crypto space. CertiK co-founder Ronghu Gu underscored the need for multifactor authentication methods like two-factor authentication and security keys.
Related: Ava Labs COO confirms X account hacked after posting memecoin
Australian-owned wallets hit by “approval phishing” scams
On Aug. 4, the Australian Federal Police said it was investigating losses from phishing scams affecting 2,000 Australian-owned digital asset wallets. This follows an operation led by analytics firm Chainalysis that found that Australian-owned wallets have been exploited by “approval phishing” tactics.
AFP Detective Superintendent Tim Stainton said that the intelligence gathered from the operation shed light on new tactics being used by cybercriminals.
Following this, the Australian Securities and Investments Commission revealed on Aug. 19 that it took down over 5,530 fake investment platforms, 1,065 phishing links and 615 crypto investment scams since July 2023.
Magazine: Crypto-Sec: $11M Bittensor phish, UwU Lend and Curve fake news, $22M Lykke hack