A MakerDAO governance delegate has been defrauded of $11 million worth of Aave Ethereum (aEthMK) and Pendle USDe tokens in a phishing scam after signing multiple false signatures.
The incident was discovered by Scam Sniffer in the early hours of June 23. The user was lured into the phishing scam by signing multiple false signatures, resulting in the loss of their digital assets.
The sender address, 0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa, transferred 3,657 aEthMK tokens to the recipient address 0x739772254924a57428272f429bd55f30eb36bb96, and the transaction was confirmed in just 11 seconds.
According to crypto reporter Colin Wu, it was revealed that the victim was a MakerDAO governance delegate. Delegates play a crucial role in the MakerDAO system, contributing to its smooth operation and decision-making processes.
Delegates are responsible for voting on governance proposals, governance polls, and executive votes, influencing significant decisions within the Maker protocol. Typically, Marker (MKR) holders and delegates vote to decide on proposals, which progress from initial polls to final executive votes.
If a proposal is approved, it is implemented into the Maker protocol after a waiting period called the Governance Security Module (GSM), which serves as a security measure to prevent sudden changes to the protocol.
As reported by Cointelegraph in December, crypto scammers have been increasingly using “approval phishing” methods to steal funds. Approval phishing is a crypto scam in which victims are deceived into signing transactions that give scammers access to wallets, allowing them to drain funds. This technique has been more frequently used by pig-butchering scammers.
Phishing scams are a common form of cybercrime, in which perpetrators pose as reputable entities to deceive individuals into providing sensitive data. In this case, the user was tricked into signing multiple Permit network phishing signatures, resulting in the loss of their tokens.
According to a report by Scam Sniffer, phishing scams drained $300 million from 320,000 users in 2023 alone. In one of the most severe cases in the report, a single victim lost $24.05 million due to phishing signatures such as Permit, Permit 2, Approve, and Increase Allowance.