A Web3 phishing attack resulted in the loss of $55 million worth of Dai tokens. This recent incident highlights vulnerabilities in the security of digital assets. It also illustrates the broader trend of increasing cybercrime victims in the Web3 domain.
$55 Million in Dai Tokens Lost
According to a detailed post-mortem report by CertiK Alert from 21 August, the phishing scam was orchestrated by Fake_Phishing187019 (the attacker). The attacked stole 55,473,618 Dai tokens through a series of cleverly executed steps.
The attacker exploited weaknesses in externally owned accounts (EOAs), digital wallets that, like bank accounts, are vulnerable if not properly secured. The stolen tokens worth $55 million were quickly laundered through a complex trading network designed to cover the tokens.
After stealing the Dai tokens, he began to launder the funds. The process started with a bulk transfer of $36 million to an unknown address, followed by an additional $17.5 million sent via the CoW protocol.
To further hide the assets, the stolen funds were exchanged for bundles of ETH and Bitcoin through Uniswap V3, a popular cryptocurrency exchange. This method of theft shows the desire of criminals to hide and disperse the stolen money as efficiently as possible.
Hackers Stole $270M in July 2024
Scams, hacks, cyberattacks, and rugpulls are all too familiar in the crypto and Web3 world. This new theft shows a disturbing trend: cyber attacks in the Web3 space are increasing in frequency and intensity.
CertiK reported approximately $270.9 million was lost to various breaches, hacks, and fraud in July alone, but only $7.8 million was recovered. The report breaks down the losses into exit scams, flash loans, and other exploits, painting a grim picture of the current security landscape.
The recent WazirX hack, which resulted in a $230 million loss, is a prime example of the sector’s vulnerability.
Cryptocurrency scams exploit the decentralized nature of digital currencies through various tactics. Ponzi schemes collapse when new investments dry up, phishing attacks steal private keys through fake sites or emails, and ICO scams vanish after collecting funds.
Pump and dump schemes inflate prices before selling off, while exit scams involve sudden shutdowns with investors’ money. Fake wallets and exchanges steal funds, and malware or ransomware can lock data for ransom.
Pyramid schemes collapse after relying on new recruits to pay earlier ones. Users should research projects, verify their legitimacy, and use security measures like hardware wallets and two-factor authentication.
