Antal Nagy


$2.28M Phishing Fraud on Aave: Detected by CUBE3.AI Before It Happened

On October 9, 2024, a sophisticated phishing exploit targeted a high-value wallet on Aave, resulting in the loss of approximately $2.28 million worth of aEthsDAI tokens. This attack sheds light on a cunning tactic used by fraudsters to bypass standard security measures by manipulating token approvals. Notably, CUBE3.AI had already flagged the attacker’s wallet back in September, highlighting the importance of early detection in preventing such threats before they unfold. Below is a detailed breakdown of the exploit.


Key Details

  • Attack Date: October 9, 2024
  • Token Affected: aEthsDAI (Aave’s interest-bearing DAI)
  • Total Loss: ~$2.28 million
  • Attacker Contract Address: 0xed0e416e0feea5b484ba5c95d375545ac2b60572
  • Attacker Wallet: 0xac68803be3ca28299bf09571945d4cd8e867e7f2
  • Victim Wallet: 0xFCC5ACd50ae590889D2A53343D35b5fb80d403C2
  • Key Transaction Hash: 0x64a00980f46659d25294f976866e1fb609d0abf7da05f6744bf5bf2bd586454f
  • Platform: Aave

Anatomy of the Exploit

  1. Approval of Token Spending:
    • Date/Time: October 9, 2024, 06:35:35 PM UTC
    • The attacker manipulated the victim into granting an unlimited token approval to a contract that was not yet deployed.
    • Approval Details:
      • Owner (Victim): 0xFCC5ACd50ae590889D2A53343D35b5fb80d403C2
      • Spender (Attacker’s Contract): 0x063F5331be591B9506B995e9F7a94C8e6B30e6D9
      • Approval Value: Maximum possible, allowing the spender to transfer any amount of aEthsDAI from the victim’s account.
    • The attacker calculated in advance the address to which they would deploy their contract, tricking the victim into signing an approval for this future address.
  2. Exploitation of the Approval:
    • Once the unlimited approval was granted, the attacker quickly deployed the contract to the pre-calculated address and executed the exploit.
    • Action: The attacker transferred approximately 2,229,311.57 aEthsDAI from the victim’s wallet to their own address.
    • Attacker Wallet: 0xac68803be3ca28299bf09571945d4cd8e867e7f2
    • Total Value Transferred: ~$2.28 million
    • Additionally, the attacker interacted with Aave to mint 67.00101303 aEthsDAI on behalf of the victim, manipulating the victim’s positions within the protocol.
  3. Collateralizing the Stolen Tokens:
    • After transferring the tokens, the attacker enabled the stolen aEthsDAI as collateral in Aave, which is recorded on-chain by the ReserveUsedAsCollateralEnabled event.
    • Action: This move allowed the attacker to secure the stolen assets within Aave, enabling them to borrow other assets against the collateral, thereby obfuscating the path of the stolen funds.

Attack Analysis

This exploit leveraged a classic phishing tactic, where the attacker deceives the victim into signing a transaction approval that ultimately grants control over their assets. The attacker’s strategy of using a pre-calculated contract address made it difficult for traditional security tools to detect the threat in advance. By deploying the contract only after gaining approval, the attacker minimized their risk of being flagged.
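A wallet-side check for the pattern described above, written as an added example (it is not CUBE3.AI's code or part of the original analysis): it decodes an ERC-20 approve() call and flags an unlimited allowance granted to a spender address that has no deployed code yet. It assumes the approval was a standard approve(address,uint256) call; the getCode callback is a hypothetical stand-in for an eth_getCode lookup, and the sample calldata is constructed from the spender address listed above.

```javascript
// approve(address,uint256) function selector (ERC-20 standard).
const APPROVE_SELECTOR = "095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n;
// Assumption: any allowance at or above 2^255 is treated as "unlimited".
const UNLIMITED_THRESHOLD = 1n << 255n;

// Constructed sample: unlimited approval to the spender address from the write-up.
const SAMPLE_CALLDATA =
  "0x" + APPROVE_SELECTOR +
  "000000000000000000000000" + "063f5331be591b9506b995e9f7a94c8e6b30e6d9" +
  "f".repeat(64);

// Returns { spender, amount } for a well-formed approve() call, otherwise null.
function decodeApprove(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64 || !/^[0-9a-f]+$/.test(hex)) return null;
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = hex.slice(8, 72);
  // An ABI-encoded address is left-padded with 12 zero bytes.
  if (!spenderWord.startsWith("0".repeat(24))) return null;
  return {
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72)),
  };
}

// getCode(address) -> bytecode hex string, "0x" when nothing is deployed there.
// Hypothetical callback: a wallet would back it with the eth_getCode RPC call.
function assessApproval(calldata, getCode) {
  const decoded = decodeApprove(calldata);
  if (!decoded) return { isApproval: false, findings: [], block: false };
  const findings = [];
  if (decoded.amount >= UNLIMITED_THRESHOLD) findings.push("unlimited-allowance");
  // No code means an EOA or a contract address that has not been deployed yet;
  // either way the user cannot inspect what the spender will do.
  const code = getCode(decoded.spender);
  if (code === "0x" || code === "") findings.push("spender-has-no-code");
  // Block only the combination seen in this incident; single findings are warnings.
  return { isApproval: true, ...decoded, findings, block: findings.length === 2 };
}

// Before deployment the lookup returns "0x", so the approval is blocked.
console.log(assessApproval(SAMPLE_CALLDATA, () => "0x"));
```

The check runs at signing time, so it does not depend on the spender address already appearing in any reputation feed.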

Conclusion

This attack on Aave demonstrates how pre-crime detection is crucial in today’s rapidly evolving crypto landscape. While the exploit was sophisticated, phishing addresses like these have been in our system since mid-September, ready to be flagged by CUBE3.AI’s models. If the victim had used a wallet provider that leverages our address scoring, this threat could have been identified before the exploit ever took place.

CUBE3.AI focuses on detecting and scoring suspicious activities before they escalate, offering a chance to act against fraud attempts at the earliest stage. Real-time and pre-crime protection are key to safeguarding businesses against these increasingly complex tactics used by attackers.

By staying ahead of the curve with proactive measures, organizations can better protect their assets and prevent fraud before it even begins. Protect your business and your customers by investing in robust security strategies that prioritize early detection.

Staying vigilant and adopting comprehensive security measures can be the key to stopping threats before they cause irreversible damage. Protect your business and your customers by taking proactive steps against fraud.