Web3 Phishing Attack Results in the Loss of $55 Million Worth of Dai Tokens

This recent incident highlights vulnerabilities in the security of digital assets. It also illustrates the broader trend of increasing cybercrime victims in the Web3 domain.

A recent Web3 phishing attack has resulted in the loss of $55 million worth of Dai tokens, highlighting ongoing vulnerabilities in the security of digital assets. This incident also contributes to a broader trend of increasing cybercrime victimisation within the Web3 domain.

The Dai tokens, valued at $55 million at the time of the attack, were stolen by an attacker identified as Fake_Phishing187019, according to a detailed post-mortem report by CertiK Alert on 21 August.

"CertiK Alert: Fake_Phishing187019 (Inferno Drainer) set the owner address of a Maker vault to 0x5d4b2a02c59197eb2cae95a6df9fe27af60459d4 and minted 55,473,618 Dai tokens (~$55M) to it. Stay Vigilant! "

The attack involved the exploitation of weaknesses in externally owned accounts (EOAs), which are digital wallets that can be compromised if not adequately secured, akin to bank accounts. The stolen tokens were swiftly laundered through a complex trading network designed to obscure the movement of the tokens.

After stealing the Dai tokens, the attacker began laundering the funds through a bulk transfer of $36 million to an unidentified address followed by an additional $17.5 million routed through the CoW protocol.

Continuing efforts to conceal the assets saw the stolen funds being exchanged for bundles of ETH and Bitcoin through Uniswap V3, a decentralized cryptocurrency exchange. This method of theft underscores the criminal desire to efficiently hide and disperse stolen funds.

The incident serves as the latest in a string of cyber attacks targeting Web3, highlighting an alarming trend. Scams, hacks, cyberattacks, and rugpulls have become common occurrences within the crypto and Web3 realm, and this new theft adds to the concerning narrative.

According to CertiK, around $270.9 million was lost to various breaches, hacks, and fraud in July, of which only $7.8 million was recovered. The report details losses incurred from exit scams, flash loans, and other exploits, presenting a sobering account of the current security landscape.

"CertiK Stats Alert: Combining all the incidents in July we’ve confirmed ~$270.9m lost to exploits, hacks and scams after ~$7.8m was returned. The amount is the second highest monthly loss so far in 2024.

Exit scams: ~$3m

Flash loans: ~$265.8m

Exploits: ~$9.8m

"

The recent WazirX hack, which resulted in a loss of $230 million, further exemplifies the sector's vulnerability.

Cryptocurrency scams exploit the decentralized nature of digital currencies, employing diverse tactics to swindle victims. These scams range from Ponzi schemes that collapse when new investments cease to flow, to phishing attacks that attempt to extract private keys through fake websites or emails, and ICO scams that vanish after collecting funds.

Pump and dump schemes inflate prices before selling off their holdings, while exit scams involve sudden shutdowns that leave investors stranded without their money. Additionally, fake wallets and exchanges are used to steal funds, and malware or ransomware can lock data, holding it hostage for a ransom.

Finally, pyramid schemes rely on new recruits to pay earlier members in a collapsing chain of payments. To safeguard against these scams, users are advised to thoroughly research projects, verify their legitimacy, and employ security measures such as hardware wallets and two-factor authentication.

The above is the detailed content of Web3 Phishing Attack Results in the Loss of $55 Million Worth of Dai Tokens. For more information, please follow other related articles on the PHP Chinese website!