A MakerDAO governance delegate has lost $11 million worth of Aave Ethereum Maker (aEthMKR) and Pendle USDe tokens in a phishing scam due to signing multiple signatures.
Scam Sniffer detected the incident in the early hours of June 23. The user fell victim to the phishing scam after signing multiple signatures, which led to the loss of their digital assets.
Key player in MakerDAO system exploited
The sender address, “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa,” transferred 3,657 aEthMKR tokens to the recipient address “0x739772254924a57428272f429bd55f30eb36bb96,” and the transaction was confirmed within 11 seconds.
Wu Blockchain reported that Arkham found that the victim in the case was a MakerDAO governance delegate. The delegate plays a key role in the MakerDAO system, contributing to its decision-making processes
Delegates are responsible for voting on governance proposals, polls and executive votes, influencing significant decisions within the Maker protocol.
Typically, Marker DAO (MKR) tokenholders and delegates vote to decide on proposals, which progress from initial polls to final executive votes.
If a proposal is approved, it is implemented into the Maker protocol after a waiting period known as the Governance Security Module (GSM), which serves as a security measure to prevent sudden changes to the protocol.
Phishing scams on the up
In December 2023, Cointelegraph reported that crypto scammers increasingly used “approval phishing” methods to steal funds.
Related: Mark Cuban claims his Gmail was hacked after receiving hoax call
Approval phishing is a crypto scam where victims are tricked into signing transactions that give scammers access to wallets, allowing them to drain funds. While this isn’t new, Chainalysis said the technique is now utilized more often by pig-butchering scammers.
Phishing scams are a common cybercrime where perpetrators pretend to be reputable entities to trick individuals into providing sensitive data. In this case, the user was tricked into signing multiple permit network phishing signatures, which led to the loss of their tokens.
According to a Scam Sniffer report published earlier in 2024, phishing scams drained $300 million from 320,000 users in 2023 alone.
Among the most severe cases in the Scam Sniffer report, a single victim lost $24.05 million due to phishing signatures such as permit, permit 2, approve and increase allowance.
Magazine: ‘Bitcoin Layer 2s’ aren’t really L2s at all: Here’s why that matters