Crypto Investor Loses $36M to Permit Phishing Scheme

A recent cyberattack has led to an unsuspecting crypto investor reportedly losing 15,079 fwdETH, worth roughly $36 million.

In the incident, described by security experts as a permit phishing scam, the bad actor tricked the user into unknowingly signing a malicious signature, which gave the thief full access to the individual’s funds.

How it Happened

Scam Sniffer, a Web3 anti-scam platform, broke the news in an October 11 post on X, sharing the addresses of the victim and the attacker.

Five hours before the report surfaced, the victim, identified by the address 0xeab23c1e3776fad145e2e3dc56bcf739f6e0a393, signed a permit phishing signature, unknowingly authorizing the hacker to move their 15,079 fwdETH.

The exploiter, linked to the address 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec, immediately sold the tokens on the market, apparently causing the price of dETH, a related asset, to crash by over 90% within 24 hours.

Chiming in on the incident, analyst roffett.eth warned that the drop in the price of dETH had affected several decentralized finance (DeFi) protocols, particularly PAC Finance and Orbit Finance since the sell-off had allegedly triggered vulnerabilities in their systems.

The Ripple Effect on DeFi

Permit phishing is still relatively new in crypto circles. It comes from criminals exploiting a requirement in certain DeFi tokens or contracts for the user to approve so-called permit signatures that grant third parties the ability to interact with their wallets, including spending or transferring funds.

Attackers usually create a fake website or interface that looks like a legitimate service or decentralized application (dApp) and then ask users to sign the “permit” transaction. This is often disguised as a legitimate request, tricking users into granting full access to their assets.

Such hacks exploit a lack of understanding around transaction permissions, allowing hackers to drain assets from even well-versed crypto users.

This isn’t the first time DeFi users have been targeted by phishing schemes. According to Scam Sniffer, something similar happened just 12 days earlier, with the victim in that incident losing 12,083 spWETH, which was then valued at about $32 million.

Due to the growing instances of such attacks, experts are urging users to be extra cautious when interacting with unfamiliar links or signing transaction permissions.

“Always double-check any signatures you’re asked to sign, and avoid clicking on unknown links,” Scam Sniffer posted as a reminder to the crypto community of the constant threat of phishing tricks.