MakerDAO delegate’s $11M in tokens stolen in phishing scam

A MakerDAO governance delegate has lost $11 million worth of Aave Ethereum (aEthMK) and Pendle USDe tokens in a phishing scam due to signing multiple phishing signatures.

Scam Sniffer detected the incident in the early hours of June 23. The user fell victim to the phishing scam after signing multiple phishing signatures, which led to the loss of their digital assets.

The loss

The sender address, 0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa, transferred 3,657 aEthMK tokens to the recipient address 0x739772254924a57428272f429bd55f30eb36bb96, and the transaction was confirmed quickly within 11 seconds.

Crypto reporter Colin Wu reported that Arkham found that the victim in the case was a MakerDAO governance delegate. The delegate plays a key role in the MakerDAO system, contributing to its smooth functioning and decision-making processes

Delegates are responsible for voting on governance proposals, governance polls, and executive votes, influencing significant decisions within the Maker protocol.

Typically, Marker (MKR) holders and delegates vote to decide on proposals, which progress from initial polls to final executive votes.

Source:  Scam Sniffer

If a proposal is approved, it is implemented into the Maker protocol after a waiting period, known as the Governance Security Module (GSM), which serves as a security measure to prevent sudden changes to the protocol.

Phishing scams

In December, Cointelegraph reported that crypto scammers were increasingly turning to “approval phishing” methods to steal funds.

Related: Mark Cuban claims his Gmail was hacked after receiving hoax call

Approval phishing is a crypto scam where victims are tricked into signing transactions that give scammers access to wallets, allowing them to drain funds. While this isn’t new, Chainalysis said the technique is now utilized more often by pig-butchering scammers.

Phishing scams are a common form of cybercrime in which perpetrators pretend to be reputable entities to trick individuals into providing sensitive data. In this case, the user was tricked into signing multiple Permit network phishing signatures, which led to the loss of their tokens.

According to a Scam Sniffer report published earlier in the year, phishing scams drained $300 million from 320,000 users in 2023 alone.

Among the most severe cases in the Scam Sniffer report, a single victim lost $24.05 million due to phishing signatures such as Permit, Permit 2, Approve, and Increase Allowance.

Main, News

Leave a Reply

Your email address will not be published. Required fields are marked *