A MakerDAO governance delegate has lost $11 million worth of Aave Ethereum Maker (aEthMKR) and Pendle USDe tokens in a phishing scam due to signing multiple fraudulent signatures.
Scam Sniffer detected the incident in the early hours of June 23. The user fell victim to the phishing scam after signing multiple signatures, resulting in the loss of their digital assets.
Exploitation of a Key MakerDAO Player
The attacker transferred 3,657 aEthMKR tokens from the sender address “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa” to the recipient address “0x739772254924a57428272f429bd55f30eb36bb96.” The transaction was confirmed within 11 seconds.
Wu Blockchain reported that Arkham identified the victim as a MakerDAO governance delegate, a key player in the MakerDAO system who contributes to decision-making processes. Delegates are responsible for voting on governance proposals, polls, and executive votes, influencing significant decisions within the Maker protocol. Typically, MakerDAO tokenholders and delegates vote to decide on proposals, which progress from initial polls to final executive votes.
Rise in Phishing Scams
In December 2023, Cointelegraph reported that crypto scammers increasingly used “approval phishing” methods to steal funds. Approval phishing tricks victims into signing transactions that give scammers access to their wallets, allowing them to drain funds. While not a new technique, Chainalysis noted its increased use by pig-butchering scammers.
Phishing scams are a common cybercrime where perpetrators pretend to be reputable entities to trick individuals into providing sensitive data. In this case, the user was tricked into signing multiple permit network phishing signatures, leading to the loss of their tokens.
According to a Scam Sniffer report published earlier in 2024, phishing scams drained $300 million from 320,000 users in 2023 alone. Among the most severe cases, a single victim lost $24.05 million due to phishing signatures such as permit, permit 2, approve, and increase allowance.
The incident highlights the growing threat of phishing scams in the crypto space and underscores the need for heightened vigilance and security measures.