MakerDAO Delegate Loses $11M in Phishing Scam

Due to signing several signatures, a MakerDAO governance delegate lost $11 million in a phishing scam involving Aave Ethereum Maker (aEthMKR) and Pendle USDe token

Camcorder: The sniffer detected the incident in the early hours of June 23. The user’s digital assets were lost due to the phishing scheme, which was perpetrated after they signed multiple signatures.

Key participants in the MakerDAO system exploited

The transaction was confirmed within 11 seconds; the sender address, “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa,” transferred 3,657 aEthMKR tokens to the recipient address, “0x739772254924a57428272f429bd55f30eb36bb96.”

According to Wu Blockchain, Arkham discovered that the victim in the case was a MakerDAO governance delegate. The delegate is a critical component of the MakerDAO system, contributing to its decision-making procedures.

Delegates are accountable for voting on governance proposals, surveys, and executive votes, significantly impacting decisions within the Maker protocol.

Ordinarily, Marker DAO

Token holders and delegates vote to determine propositions’ progression from initial polls to final executive votes.

The Governance Security Module (GSM) is a security measure implemented into the Maker protocol after a waiting period if a proposition is approved. Its purpose is to prevent sudden changes to the protocol.

The prevalence of phishing schemes is on the rise

Cointelegraph reported in December 2023 that crypto scammers were progressively employing “approval phishing” techniques to steal funds.

Approval phishing is a cryptocurrency scam in which criminals entice victims to sign transactions, granting them access to their wallets and enabling them to withdraw funds. Chainalysis stated that the technique is now being employed more frequently by pig-butchering scammers even though it is not a novel concept.

Phishing schemes are a prevalent form of cybercrime in which perpetrators impersonate legitimate entities to deceive individuals into disclosing sensitive information. In this instance, the user was tricked into signing numerous fraudulent signatures for the permitted network, losing their tokens.

Phishing schemes sucked $300 million from 320,000 users in 2023, according to a Scam Sniffer report published in 2024.

Phishing signatures, including “permit,” “permit 2,” and “increase allowance,” resulted in a single victim losing $24.05 million. This was one of the most grievous cases in the Scam Sniffer report.