Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The malicious Web3 applications "phishing dapps" were discovered in a recent study, they pretend to be legitimate applications or services to steal cryptocurrencies. For example, since MakerDAO officially closed the single-mortgage Sai system, such phishing tools have begun to appear, and they pretended to need a new tool to help users migrate from SAI to DAI. For example, a domain name provides a simple interface to start the migration from SAI to the new DAI at a 1:1 ratio, it seems like an official channel. However, the actual transaction to be signed simply sends the SAI to an address owned by the attacker. SAI, which has been traced to more than US$100,000, was transferred to the attacker's account. Attack method (per SlowMist): Phishing attack. Reported loss: $ 100,000.
- chain
- —
- protocol
- Web3 DeFi
- bug_class
- phishing
- date_occurred
- 2020-06-25
- loss_usd
- $100,000
- source_id
- sm:web3-defi::2020-06-25