A MakerDAO governance delegate recently fell prey to a phishing scam, resulting in the loss of $11 million in digital assets. This incident has raised serious concerns about the security of crypto governance systems.
In the early hours of June 23, Scam Sniffer detected the theft of 3,657 Aave Ethereum Maker (aEthMKR) tokens and Pendle USDe tokens from a MakerDAO delegate. The scam occurred after the delegate signed multiple malicious signatures, allowing the attacker to gain control of their assets.
The compromised delegate, a crucial figure in MakerDAO’s governance structure, was targeted by the sender address “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa.” The stolen tokens were transferred to the recipient address “0x739772254924a57428272f429bd55f30eb36bb96” and the transaction was confirmed within 11 seconds.
The delegate’s role involves voting on governance proposals, polls, and executive votes, making significant decisions within the Maker protocol. Delegates and tokenholders collaboratively decide on proposals that, if approved, are implemented after a waiting period known as the Governance Security Module (GSM). This module acts as a security measure to prevent abrupt changes to the protocol.
This incident highlights the vulnerability of even the most integral members of the MakerDAO system. With $11 million worth of tokens stolen, the security of digital assets within governance structures is under scrutiny. The MakerDAO community and the broader crypto industry must address these vulnerabilities to protect their assets and maintain trust in decentralized finance.
Receive intel reports across 15+ web3 sectors daily –early access.