Whale Hunter's Payday — August 20, 2024
What Happened
A single crypto whale lost an estimated $55.47M in a sophisticated phishing attack on August 20, 2024. The attacker took control of the whale's DSProxy contract — which controlled their MakerDAO Vault — and drained collateral.
Root Cause: Phishing → DSProxy Ownership Transfer
• Most likely vector: phishing tricked the whale into signing a transaction that transferred ownership of their DSProxy contract to the attacker
• DSProxy is a smart-contract wallet pattern (popular in MakerDAO ecosystem) where ownership controls all underlying positions
• Once the attacker owned the DSProxy, they could:
• Withdraw collateral from the linked Maker Vault
• Transfer all DAI/ETH/WBTC under the proxy's control
• Alternative theory: EOA private key compromise — but the victim's later call to their own DSProxy after the attack suggests the EOA itself was still in their control, supporting the ownership-transfer theory
Stolen Assets
• $55.47M in mixed crypto (mostly stablecoins + ETH from Maker collateral)
• Specific composition not fully public
Aftermath
• The attacker laundered funds through multiple wallets and DeFi platforms
• Some funds traced via on-chain analysts (ZachXBT et al.)
• Emblematic of the trend: as DeFi matures, attacks shift from contract bugs to social engineering of high-value individuals
Lessons
• Wallet UX problem: signing "transferOwnership()" of a proxy looks identical to signing routine ops on a hardware wallet
• Whale operators should use multisig with delay timelock for ownership-changing operations
• Phishing-aware wallet front-ends (e.g. Pocket Universe, Wallet Guard) could have flagged this
References