A cryptocurrency trader recently lost $55.43 million in DAI after falling victim to a sophisticated phishing attack, which allowed the attacker to drain the trader’s wallet.
The victim, identified as 0xf2B889437F243396b29E829908b5d8ebE2e13048, 10 hours before the theft , signed a phishing transaction that executed a “setOwner” transaction on their DeFiSaver Proxy contract.
This transaction resulted in the ownership of the contract being transferred to a phishing address, 0x0000db5c8B030ae20308ac975898E09741e70000.
DeFi Saver is a popular tool among crypto traders for managing complex DeFi positions, but it also requires careful handling, especially when dealing with large amounts of digital assets.
Six hours later, the victim attempted to execute another transaction but was met with failure. only to discover that they were no longer the owner of the DeFi Saver Proxy contract. The attackers, who had taken control of the contract.
One hour later, the attacker, now in full control, changed the ownership of the contract to another address, 0x5D4b2A02c59197eB2cAe95A6Df9fE27af60459d4
, and drained the entire $55.43 million in DAI from the victim’s wallet.
According to Scam Sniffer | Web3 Anti-Scam, who first reported this incident, the phishing transaction was the key event that allowed the attacker to take over the victim’s DeFi Saver Proxy contract.
To avoid becoming the next victim of such scams, it is important for cryptocurrency holders, traders, and DeFi users to exercise extreme caution when dealing with any wallet operations involving large digital assets.
Always double-check any transactions you are about to execute, and never sign anything you are not completely confident about.Malicious hackers are always looking for new ways to steal your crypto assets.