A MakerDAO governance delegate was the victim of a phishing scam and lost $11 million worth of Aave Ethereum (aEthMK) and Pendle USDe tokens. The incident was detected by Scam Sniffer in the early hours of June 23. The user fell prey to the phishing scam after signing multiple phishing signatures, resulting in the loss of their digital assets.
The sender address, 0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa, transferred 3,657 aEthMK tokens to the recipient address 0x739772254924a57428272f429bd55f30eb36bb96, and the transaction was confirmed quickly within 11 seconds.
According to crypto reporter Colin Wu, Arkham discovered that the victim in this case was a MakerDAO governance delegate. These delegates play a crucial role in the MakerDAO system, contributing to its smooth functioning and decision-making processes. They are responsible for voting on governance proposals, governance polls, and executive votes, which influence significant decisions within the Maker protocol.
Typically, MKR holders and delegates vote to decide on proposals, which progress from initial polls to final executive votes. If a proposal is approved, it is implemented into the Maker protocol after a waiting period known as the Governance Security Module (GSM), which serves as a security measure to prevent sudden changes to the protocol.
In December, Cointelegraph reported that crypto scammers were increasingly using “approval phishing” methods to steal funds. Approval phishing is a crypto scam where victims are tricked into signing transactions that give scammers access to wallets, allowing them to drain funds. Chainalysis stated that this technique is now being utilized more often by pig-butchering scammers.
Phishing scams are a common form of cybercrime in which perpetrators pretend to be reputable entities to trick individuals into providing sensitive data. In this case, the user was tricked into signing multiple Permit network phishing signatures, resulting in the loss of their tokens.
According to a Scam Sniffer report published earlier in the year, phishing scams drained $300 million from 320,000 users in 2023 alone. One of the most severe cases in the report involved a victim losing $24.05 million due to phishing signatures such as Permit, Permit 2, Approve, and Increase Allowance.