Crypto-Sec: DeFi Saver ownership phish, iVest shuts down after attack, plus hackathon clipboard hijack
A DeFi Saver user fell victim to a novel phishing attack, and a clipboard hijacker discovered at hackathon, plus new windows vulnerability
Crypto scams, hacks and exploits and how to avoid them: Crypto-Sec
A user of decentralized finance management protocol DeFi Saver suffered an unusual style of phishing attack on Aug. 21. According to an X post from blockchain security firm Global Ledger, the attacker tricked the user into reassigning ownership of their DeFi Saver Proxy contract.
The victim reportedly attempted to perform a transaction soon afterward, but it failed. The attacker then changed ownership again and drained the smart contract wallet of all of its Dai (DAI) stablecoin, removing over $55 million worth in total.
Blockchain data shows that the DAI came from the null address rather than from the victims address, implying that the attacker must have minted the DAI using the victims collateral instead of directly draining it from the victims account.
Go to Source
Author: Christopher Roark
