Jun 2024 - MakerDAO Delegate aEthMKR Pendle USDe Phishing Attack - $11m (Global)

"This delegate plays a key role in MakerDAO’s governance, contributing to vital decision-making processes that shape the protocol’s future."
"Delegates within MakerDAO are tasked with voting on various governance proposals, polls, and executive votes. Their influence is substantial, impacting major decisions within the Maker protocol.
These delegates, alongside MKR token holders, determine the outcomes of proposals that progress from initial discussions to final executive votes.
When a proposal gains approval, it is not immediately implemented. Instead, it enters a waiting period known as the Governance Security Module (GSM). This interval acts as a security buffer, preventing abrupt changes to the protocol and ensuring a period for reconsideration or potential veto."
"The heart of the phishing scam lies in the exploitation of an important figure within the MakerDAO system. The sender’s address, identified as “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa,” dispatched 3,657 aEthMKR tokens to the recipient address “0x739772254924a57428272f429bd55f30eb36bb96.”
In an alarming 11 seconds, the transaction was confirmed, sealing the fate of the stolen assets."
"5 hours ago, a victim lost $11 million worth of aEthMKR and Pendle USDe tokens due to signing multiple Permit phishing signatures."
"Scam Sniffer detected the scam in the early hours of June 23. The unsuspecting delegate fell prey to the phishing attack after signing multiple signatures, a series of actions that ultimately led to the unauthorized transfer of their crypto assets."
Further Analysis
One of the large delegates of the MakerDAO protocol accidentally signed a malicious transaction on a wallet holding a reported $11m worth of assets, transferring them to an attacker. This was likely due to an impersonation account on Twitter that was mimicking the main account of a prominent protocol. There is no word on who the victim was, much less on the attacker or on any efforts to recover the funds.
How Could This Have Been Prevented?
t.me/QuadrigaInitiative | /r/QuadrigaInitiative | @QuadrigaInit | info@quadrigainitiative.com