Unnamed Crypto Whale (Maker DSProxy vault): Phishing → EOA compromise → DSProxy ownership transfer → DAI vault drain
A whale lost 55.47M DAI when a phishing attack tricked them into signing away ownership of their Maker DSProxy, letting the attacker drain the vault directly.
Summary #
Unnamed Crypto Whale (Maker DSProxy vault) suffered a CDP / Personal Vault (Maker DSProxy) on 2024-08-20, resulting in a loss of approximately $55M.
What happened #
A whale lost 55.47M DAI when a phishing attack tricked them into signing away ownership of their Maker DSProxy, letting the attacker drain the vault directly.
Linked factors #
- RD-F-001 — causal : ★ Audit scope mismatch — exploited code outside scope [via dashboard_risk_factors/Was exploited code in audit scope?: N/A — the exploit is off-chain phishing; no code bug] || ★ Audit scope mismatch — full field name [via dashboard_risk_factors/Was exploited code in audit scope?: N/A — the exploit is off-chain phishing; no code bug]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: N/A (personal wallet / Maker DSProxy — no user-level bug bounty)]
- RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action: Y — DSProxy ownership transfer to attacker address was the pivotal on-chain step]