Halborn Logo

// Blog

Explained: $55M Whale Phishing Hack (August 2024)


profile

Rob Behnke

August 27th, 2024


In August 2024, a whale holding over 55 million DAI was the victim of a hack. The attacker gained control over the whale’s wallet, enabling them to steal an estimated $55.47 million.

Inside the Attack

This attack began as a phishing attack against the whale with the intent of gaining control over their DSProxy smart contract. This type of smart contract enables its user to perform multiple calls within a single transaction, which can be useful for managing fees and protecting against front-running attacks targeting multi-stage operations.

The attacker likely used a phishing attack against the whale to trick them into signing a transaction transferring ownership of the proxy to them. Another possibility is that a phishing attack compromised the private keys for the externally owned account (EOA) that controlled the DSProxy.

However, the former is more likely because the victim attempted a call to their DSProxy after the attack occurred. This is likely because they realized that the transaction they signed was malicious and were attempting to undo it. However, it was too late since they were no longer the owner of the DSProxy contract.

This DSProxy controlled the whale’s Maker Vault. Transferring control over the DSProxy to their own address enabled the attacker to take control over the Maker Vault as well. With control over the whale’s Maker Vault, the attacker was able to withdraw about $55.47 in DAI to their own wallet.

Lessons Learned from the Attack

This attack against a whale was a multi-stage operation. First, the attacker performed a phishing attack to trick their target into signing a malicious transaction. This transaction transferred control over the whale’s DSProxy contract, which controlled their Maker Vault.

This was a highly targeted attack, as demonstrated by the attacker’s knowledge of their target and the steps required to reach the Maker Vault and its associated payoff. It also demonstrates the importance of implementing wallet security best practices, such as carefully validating the content of any transaction before signing it. An attacker doesn’t need to know the private key that controls a blockchain account if someone who does know it will sign transactions for them.

This incident provides one example of the importance of implementing wallet security best practices. For more information on how to properly secure your crypto assets against this and similar threats, check out this article on the top 10 ways to secure your crypto wallet.

© Halborn 2024. All rights reserved.