On August 20, a cryptocurrency wallet user signed an unverified transaction, resulting in the loss of 55.47 million Dai (DAI) due to a phishing attack. After realizing the mistake, the user attempted to withdraw the funds to a new address. However, the transaction failed because the wallet’s ownership had already been changed.
The attacker withdrew $55 million from the victim’s wallet. Blockchain analytics firm Lookonchain warned that the attacker had transferred ownership to a newly created address and withdrawn all the digital assets from the platform. Notably, the attacker exchanged 27.5 million DAI for 10,625 Ether (ETH).
The company advised users not to sign any transactions of unknown origin and always to double-check before confirming anything requiring a signature.
Phishing is a form of fraud in which attackers deceive victims into installing fake software or signing malicious transactions to steal digital assets. They attempt to trick victims into revealing their private keys, personal information, or granting access to their wallets.
In the first half of 2024, phishing attacks caused nearly half a billion dollars in losses. On July 3, blockchain security firm CertiK reported that nearly $498 million had been lost to phishing attacks within the cryptocurrency space. CertiK co-founder Ronghu Gu emphasized the importance of multi-factor authentication methods such as two-factor authentication and security keys.
Related: WazirX Exchange Hacked, Over $230 Million Lost
Australian Cryptocurrency Wallets Targeted by “Approval Phishing” Scams
On August 4, the Australian Federal Police (AFP) announced that it was investigating losses from phishing scams affecting Australian-owned digital asset wallets due to “approval phishing” tactics. This follows an investigation led by analytics firm Chainalysis, which found that Australian cryptocurrency wallets had been exploited by “approval phishing” strategies.
AFP Detective Superintendent Tim Stainton stated that the intelligence gathered from the investigation shed light on new tactics being used by cybercriminals. Following this, the Australian Securities and Investments Commission (ASIC) revealed on August 19 that it had taken down over 5,530 fake investment platforms, 1,065 phishing links, and 615 cryptocurrency investment scams since July 2023.
