A MakerDAO governance delegate recently fell victim to a phishing scam, resulting in the loss of $11 million worth of Aave Ethereum (aEthMK) and Pendle USDe tokens. The scam involved the delegate signing multiple phishing signatures, which led to the theft of their digital assets.
Details of the Incident
The scam was detected by Scam Sniffer in the early hours of June 23. The sender address, 0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa, transferred 3,657 aEthMK tokens to the recipient address, 0x739772254924a57428272f429bd55f30eb36bb96, with the transaction being confirmed within 11 seconds.
Crypto reporter Colin Wu noted that Arkham identified the victim as a MakerDAO governance delegate. These delegates are essential to the MakerDAO system, participating in governance proposals, governance polls, and executive votes, which influence key decisions within the Maker protocol.
Role of MakerDAO Delegates
MakerDAO delegates are responsible for voting on various governance proposals, from initial polls to final executive votes. Approved proposals are implemented into the Maker protocol after a waiting period known as the Governance Security Module (GSM). This module acts as a security measure to prevent sudden changes to the protocol.
Rise of Phishing Scams in Crypto
Phishing scams have become increasingly prevalent in the cryptocurrency space. Previously reported a rise in “approval phishing” methods, where scammers trick victims into signing transactions that grant access to their wallets. This method has been particularly utilized by pig-butchering scammers, as noted by Chainalysis.
Phishing scams involve cybercriminals posing as reputable entities to deceive individuals into providing sensitive information. In this case, the MakerDAO delegate was tricked into signing multiple Permit network phishing signatures, leading to the theft of their tokens.
Impact of Phishing Scams
According to a Scam Sniffer report, phishing scams drained $300 million from 320,000 users in 2023 alone. One of the most severe cases involved a single victim losing $24.05 million due to phishing signatures such as Permit, Permit 2, Approve, and Increase Allowance.
