Whale Hunter's Payday
A crypto whale lost $55.47M in DAI after signing a malicious transaction on a phishing copy of DeFi Saver's login page powered by Inferno Drainer.
- Date
- Victim: Anonymous whale
- Chain(s)
- Status
- Funds Stolen
On August 20, 2024, an anonymous crypto whale lost $55.47 million in DAI — the entirety of a single Maker vault position — to a phishing attack that exploited the Inferno Drainer infrastructure. The victim signed a malicious transaction on what they believed was the DeFi Saver management interface; the signature transferred ownership of their Maker vault to the attacker, who immediately withdrew the 55,473,618 DAI held against the position.
What happened
The victim's wallet held a substantial position in MakerDAO — collateralised debt that had generated 55.47M DAI in liquidity. The position was managed using DeFi Saver, a popular UI for monitoring and adjusting Maker vaults.
The attack, run through the Inferno Drainer scam-as-a-service platform, proceeded in these steps:
- The attacker created a phishing copy of DeFi Saver's login page. Inferno Drainer specialises in this: it builds pixel-perfect imitations of legitimate DeFi front-ends and injects malicious transaction-signing flows.
- The attacker lured the victim to the phishing page through some combination of search-engine poisoning, social-media impersonation, or a compromised bookmark.
- The victim connected their wallet to the page expecting to manage their vault.
- The phishing page presented a transaction for signing that appeared to be a routine vault interaction. The transaction was actually a transfer-of-ownership for the Maker vault to an attacker-controlled address.
- The victim signed the transaction, believing it benign.
- The attacker — now the legitimate vault owner per the on-chain record — withdrew the entire 55.47M DAI position.
ZachXBT identified the abnormal transaction within hours and surfaced the incident publicly. By the time the news broke, 27.5M DAI had already been swapped to ETH (~10,625 ETH) and routed through laundering services.
Aftermath
- The victim sued Coinbase for allegedly refusing to freeze portions of the stolen funds that briefly passed through Coinbase addresses — a contested lawsuit still in progress as of 2025.
- The bulk of the stolen DAI was converted and laundered through Tornado Cash and similar services.
- The Inferno Drainer infrastructure was partially shut down in late 2023 and reactivated through 2024 under various successor operations.
Why it matters
The Whale Hunter's Payday incident is the textbook case for why phishing-as-a-service has become the dominant attack vector against individual crypto holders. Inferno Drainer's business model:
- Build the phishing infrastructure — pixel-perfect imitations of DeFi UIs, transaction-construction logic, multi-chain payout routes.
- Rent it to "affiliates" who handle traffic acquisition (SEO, social, bookmark hijacking).
- Take a percentage of every successful drain.
The result is that attacking individual whales has become an industrialised process with low marginal cost per target. A whale holding $50M+ in a transparent on-chain position is essentially a billboard for these operations: the position is visible to anyone scraping public on-chain data, and the cost of an attack is dramatically lower than its expected return.
The defensive answers are well-documented and unevenly adopted:
- Hardware-wallet signing with on-screen calldata verification — don't rely on the dApp UI's representation of what you're signing.
- Bookmark-only access to DeFi front-ends — never search-result-click your way to a wallet-connection prompt.
- Per-wallet operational separation — never hold significant capital on the wallet used for daily interactions.
- Transaction simulation tools (Pocket Universe, Wallet Guard, Blockaid) that preview the actual effects of signing before commit.
The cost of underestimating these risks is precisely $55.47M, in the single case documented here, with similar incidents at smaller scale happening daily across the crypto ecosystem.
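The calldata check recommended above can be sketched as a pre-sign review that decodes the function selector and the address receiving control, then compares that address with the signer's own. This is an added example, not code from the incident or from any tool named here; the selector table, the function names and all sample addresses are assumptions constructed for illustration.

```python
# Added example, not code from any wallet or tool named on this page.
# Selectors are the first 4 bytes of keccak256 of each function signature.
# Which function the phishing transaction called is not stated on the page,
# so this table of authority-changing calls is an assumption.
SENSITIVE = {
    "f2fde38b": "transferOwnership(address)",
    "13af4035": "setOwner(address)",
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

# Constructed sample values (not real accounts).
MY_WALLET = "0x" + "11" * 20
UNKNOWN_ADDR = "0x" + "22" * 20
SAMPLE_SET_OWNER = "0x13af4035" + "00" * 12 + "22" * 20


def first_address_arg(args: bytes) -> str:
    """Decode the first ABI word as an address; reject malformed padding."""
    word = args[:32]
    if len(word) != 32 or any(word[:12]):
        raise ValueError("malformed address argument")
    return "0x" + word[12:].hex()


def review_calldata(data_hex: str, my_addresses: set) -> dict:
    """Classify calldata before signing as 'ok', 'warn' or 'block'."""
    body = data_hex[2:] if data_hex.startswith("0x") else data_hex
    raw = bytes.fromhex(body)
    if len(raw) < 4:
        return {"verdict": "ok", "reason": "no function call"}
    selector, args = raw[:4].hex(), raw[4:]
    if selector not in SENSITIVE:
        # Not decoded here; a full simulation tool would still be needed.
        return {"verdict": "warn", "reason": "unrecognised selector 0x" + selector}
    signature = SENSITIVE[selector]
    try:
        grantee = first_address_arg(args)
    except ValueError as exc:
        return {"verdict": "block", "reason": f"{signature}: {exc}"}
    if grantee in {a.lower() for a in my_addresses}:
        return {"verdict": "warn", "reason": f"{signature} to own address",
                "grantee": grantee}
    return {"verdict": "block", "grantee": grantee,
            "reason": f"{signature} gives control to an unlisted address"}
```

Calls wrapped inside a proxy or multicall are not unpacked here, which is why an unrecognised selector returns 'warn' rather than 'ok'.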
Sources & on-chain evidence
- [01] rekt.news: https://rekt.news/whale-hunters-payday
- [02] halborn.com: https://www.halborn.com/blog/post/explained-55m-dollar-whale-phishing-hack-august-2024
- [03] theblock.co: https://www.theblock.co/post/312326/hacking-55-million-dai-inferno-drainer