Phishing Scam Costs MakerDAO Delegate $11m In Crypto Assets

A MakerDAO delegate lost $11 million in a phishing scam involving Aave Ethereum Maker and Pendle USDe tokens.

The phishing attack exploited the delegate’s role in MakerDAO’s governance, raising concerns about the protocol’s security.

A high-ranking MakerDAO governance delegate has suffered a huge $11 million loss in a phishing scam involving Aave Ethereum Maker (aEthMKR) and Pendle USDe tokens.

Scam Sniffer detected the Scam in the early hours of June 23. The unsuspecting delegate fell prey to the phishing attack after signing multiple signatures, a series of actions that ultimately led to the unauthorized transfer of their crypto assets.

5 hours ago, a victim lost $11 million worth of aEthMKR and Pendle USDe tokens due to signing multiple Permit phishing signatures. pic.twitter.com/9jhgQMdkl9

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) June 23, 2024

The heart of the phishing scam lies in the exploitation of an important figure within the MakerDAO system. The sender’s address, identified as “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa,” dispatched 3,657 aEthMKR tokens to the recipient address “0x739772254924a57428272f429bd55f30eb36bb96.”

In an alarming 11 seconds, the transaction was confirmed, sealing the fate of the stolen assets. According to Colin Wu, Arkham’s analysis revealed that the victim was indeed a MakerDAO governance delegate.

This delegate plays a key role in MakerDAO’s governance, contributing to vital decision-making processes that shape the protocol’s future.

Delegates within MakerDAO are tasked with voting on various governance proposals, polls, and executive votes. Their influence is substantial, impacting major decisions within the Maker protocol.

These delegates, alongside MKR token holders, determine the outcomes of proposals that progress from initial discussions to final executive votes.

When a proposal gains approval, it is not immediately implemented. Instead, it enters a waiting period known as the Governance Security Module (GSM). 

This interval acts as a security buffer, preventing abrupt changes to the protocol and ensuring a period for reconsideration or potential veto.

The phishing scam has far-reaching implications for MakerDAO’s governance and security. With the delegate compromised, there is an immediate concern about the integrity and security of the voting process.

Delegates are pivotal in ensuring the governance framework operates smoothly, making informed decisions affecting the entire protocol.

The loss of such a significant amount of aEthMKR and Pendle USDe tokens impacts the delegate personally. 

It raises questions about the security measures in place to protect other delegates and stakeholders in the system.