Cryptocurrency news

Crypto Investor Loses $36M to Permit Phishing Scheme

CryptoPotato / 11.10.2024 / 19:36
Crypto Investor Loses $36M to Permit Phishing Scheme

A recent cyberattack has led to an unsuspecting crypto investor reportedly losing 15,079 fwdETH, worth roughly $36 million.

In the incident, described by security experts as a permit phishing scam, the bad actor tricked the user into unknowingly signing a malicious signature, which gave the thief full access to the individual’s funds.

How it Happened

Scam Sniffer, a Web3 anti-scam platform, broke the news in an October 11 post on X, sharing the addresses of the victim and the attacker.

Five hours before the report surfaced, the victim, identified by the address 0xeab23c1e3776fad145e2e3dc56bcf739f6e0a393, signed a permit phishing signature, unknowingly authorizing the hacker to move their 15,079 fwdETH.

The exploiter, linked to the address 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec, immediately sold the tokens on the market, apparently causing the price of dETH, a related asset, to crash by over 90% within 24 hours.

Chiming in on the incident, analyst roffett.eth warned that the drop in the price of dETH had affected several decentralized finance (DeFi) protocols, particularly PAC Finance and Orbit Finance since the sell-off had allegedly triggered vulnerabilities in their systems.

The Ripple Effect on DeFi

Permit phishing is still relatively new in crypto circles. It comes from criminals exploiting a requirement in certain DeFi tokens or contracts for the user to approve so-called permit signatures that grant third parties the ability to interact with their wallets, including spending or transferring funds.

Attackers usually create a fake website or interface that looks like a legitimate service or decentralized application (dApp) and then ask users to sign the “permit” transaction. This is often disguised as a legitimate request, tricking users into granting full access to their assets.

Such hacks exploit a lack of understanding around transaction permissions, allowing hackers to drain assets from even well-versed crypto users.

This isn’t the first time DeFi users have been targeted by phishing schemes. According to Scam Sniffer, something similar happened just 12 days earlier, with the victim in that incident losing 12,083 spWETH, which was then valued at about $32 million.

Due to the growing instances of such attacks, experts are urging users to be extra cautious when interacting with unfamiliar links or signing transaction permissions.

“Always double-check any signatures you’re asked to sign, and avoid clicking on unknown links,” Scam Sniffer posted as a reminder to the crypto community of the constant threat of phishing tricks.

Source
Recently News

© Token Radar 2024. All Rights Reserved.
IMPORTANT DISCLAIMER: All content provided herein our website, hyperlinked sites, associated applications, forums, blogs, social media accounts and other platforms (“Site”) is for your general information only, procured from third party sources. We make no warranties of any kind in relation to our content, including but not limited to accuracy and updatedness. No part of the content that we provide constitutes financial advice, legal advice or any other form of advice meant for your specific reliance for any purpose. Any use or reliance on our content is solely at your own risk and discretion. You should conduct your own research, review, analyse and verify our content before relying on them. Trading is a highly risky activity that can lead to major losses, please therefore consult your financial advisor before making any decision. No content on our Site is meant to be a solicitation or offer.