Key takeaways:
- Malicious actors used a phishing assault to steal $55 million worth of crypto from a crypto holder who signed an unconfirmed transaction.
- After attempting to withdraw the money to a different address, the whale appeared to realize its error.
Malicious actors used a phishing assault to steal $55 million worth of crypto from a crypto holder who signed an unconfirmed transaction.
The ownership of 55.47 million Dai in the decentralized finance (DeFi) protocol Maker was altered on August 20 when a crypto wallet owner signed a transaction. A phishing address gained control of the wallet’s stablecoins as a result of the signed transaction.
After attempting to withdraw the money to a different address, the whale appeared to realize its error. However, because the owner had already changed, the transaction was unsuccessful.
The attackers have already shifted ownership to a newly generated address and removed the digital assets off the platform, according to a warning from blockchain analytics company Lookonchain. The attacker has traded 10,625 Ether for 27.5 million DAI.
The analytics firm cautioned users not to sign transactions they did not understand and to always double-check before clicking confirm on anything that needs a signature.
Phishing attacks trick victims into downloading malicious software or agreeing to dubious transactions in order to steal crypto. Malevolent actors attempt to deceive victims into handing over their private keys, personal data, or wallet ownership.
Phishing attacks cost about half a billion dollars in losses in the first half of 2024. The blockchain security company CertiK revealed on July 3 that phishing scams in the crypto industry have cost victims about $498 million. Ronghu Gu, a co-founder of CertiK, emphasized the significance of multifactor authentication techniques such as security keys and two-factor authentication.
The Australian Federal Police announced on August 4 that they were looking into losses resulting from phishing attacks that affected 2,000 digital asset wallets owned by Australians. This comes after an investigation by analytics company Chainalysis, which discovered that “approval phishing” techniques have been used to compromise wallets owned by Australians.
According to AFP Detective Superintendent Tim Stainton, the operation’s information revealed new strategies being employed by hackers.
Subsequently, on August 19, the Australian Securities and Investments Commission (ASIC) disclosed that, since July 2023, it had removed over 5,530 fraudulent investment platforms, 1,065 phishing links, and 615 crypto investment schemes.