A significant incident has just hit the cryptocurrency protocol MakerDAO. A governance delegate fell victim to a phishing scam and lost $11 million in crypto assets. The theft primarily involved Aave Ethereum (aEthMK) and Pendle USDe tokens. Scam Sniffer, a specialist in the industry, spotted the event early on June 23rd and reported that the victim had signed several phishing signatures, which led to the loss of their digital holdings.
Looking at the details of the transaction, it appears the funds transferred swiftly from the sender’s address to the recipient’s address in just 11 seconds. The victim, a governance delegate, plays a critical role within MakerDAO. This delegate’s responsibilities range from voting on governance proposals and polls to making fundamental decisions that drive the Maker protocol.
Under the ordinary procedure, Maker (MKR) holders and delegates vote on proposals as they progress from their initial stages to final executive ratification. If a proposal gains approval, the Maker protocol implements it after a waiting period called the Governance Security Module (GSM). This period functions as a security step to prevent sudden, abrupt changes to the protocol.
The technique used in this theft was a phishing scam, a common form of cybercrime that tricks victims into giving up sensitive data by posing as reputable sources. In this particular instance, the scam employed a popular method called “approval phishing,” carried out through deceptive Permit signature requests. This technique tricks victims into signing transactions that grant scammers permission to access and drain their wallets.
This tactic is not novel, but it is being used more frequently, particularly by pig-butchering scammers. The stats paint a grim picture. According to Scam Sniffer, phishing scams siphoned off $300 million from 320,000 users in 2023 alone. The report recorded some heavy losses, with one individual losing a staggering $24.05 million after signing misleading signatures such as Permit and Approve.
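The Permit signatures described above are off-chain typed-data requests, so a wallet or review script can inspect them before anything is signed. The following is an added example, not code from Scam Sniffer or MakerDAO: it screens an `eth_signTypedData_v4` payload, assuming the EIP-2612 `Permit` field layout and, going beyond the article, Uniswap Permit2's `PermitSingle`. The function name, the trusted-spender list, the one-day threshold and all addresses are constructed for illustration.

```javascript
// Added example: screen a typed-data signing request before the wallet signs it.
// Field names follow EIP-2612 (Permit) and Uniswap Permit2 (PermitSingle).
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 amounts are uint160
const ALLOWANCE_TYPES = new Set(["Permit", "PermitSingle"]);

// trustedSpenders: lower-case addresses the user has chosen to trust (assumption).
// nowSec: current Unix time in seconds, passed in so the check is deterministic.
function screenTypedData(typedData, trustedSpenders, nowSec) {
  const findings = [];
  const type = typedData.primaryType;
  if (!ALLOWANCE_TYPES.has(type)) return { type, allowance: false, findings };

  const msg = typedData.message;
  const isPermit = type === "Permit";
  const spender = String(msg.spender).toLowerCase();
  // EIP-2612 keeps value/deadline at the top level; Permit2 nests amount in details.
  const amount = BigInt(isPermit ? msg.value : msg.details.amount);
  const deadline = BigInt(isPermit ? msg.deadline : msg.sigDeadline);
  const token = isPermit ? typedData.domain.verifyingContract : msg.details.token;

  findings.push(`off-chain signature grants ${spender} an allowance on token ${token}`);
  if (!trustedSpenders.has(spender)) findings.push("spender is not in the trusted list");
  if (amount === MAX_UINT256 || amount === MAX_UINT160) findings.push("amount is unlimited");
  if (deadline - BigInt(nowSec) > 86400n) findings.push("signature stays valid for more than a day");
  return { type, allowance: true, findings };
}

// Constructed sample request (placeholder addresses, not taken from the incident).
const sampleRequest = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: {
    owner: "0x2222222222222222222222222222222222222222",
    spender: "0x3333333333333333333333333333333333333333",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "1893456000", // constructed far-future timestamp
  },
};
const trusted = new Set(["0x4444444444444444444444444444444444444444"]);
const report = screenTypedData(sampleRequest, trusted, 1719100800);
console.log(report.findings.join("\n"));
```

A request that produces any finding beyond the first line deserves a manual check of the spender address before signing.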