How to Stay Safe from Phishing Scams As DeFi User Loses $35M

• Phishing scam targets a DeFi user.
• $35M in fwDETH stolen. 
• Rapid sales caused dETH to crash. 

The decentralized finance (DeFi) sector is offering a new way to trade without intermediaries. However, this approach also brings serious risks, as seen with the rise of hacks and scams. 

A recent phishing attack cost one user $35 million, showcasing the vulnerabilities in the DeFi ecosystem. Here’s what went wrong. 

Phishing Scam Costs User $35M

On Friday, October 11, on-chain data revealed one of the largest losses in DeFi due to phishing scams. After approving a fraudulent permit signature, a DeFi user lost 15,079 fwDETH tokens, worth $35 million. 

According to online investigators, the phishing attack used the permit signature function. This feature, used to make token transfers easier, also allows attackers to drain user wallets. 

The stolen tokens were quickly sold on decentralized exchanges. The resulting volume and selling pressure even caused major declines in dETH price on DeFi platforms PAC Finance and Orbit Finance. 

How To Stay Safe From Phishing

To stay safe from phishing scams, users should follow several important practices that keep their funds safe. 

Double-Check Permissions: Before signing any signature approvals, carefully check the details of the transaction. Phishing attacks exploit the tendency for users to trust signature approvals online. In DeFi, the risk of these approvals is very high. 

Use Reputable Wallets: Many wallets come with built-in security features that help prevent common scams and exploits. 

Enable Multi-Factor Authentication (MFA): MFA adds an additional layer of security to transactions. When it is enabled, even if an attacker tricks a user into signing, they still have to pass additional security checks. 

Safe Browsing and Email Use: Do not respond to unsolicited emails. This is especially important for emails that encourage users to click links. Also always check the sender’s email, to weed out emails posing as legitimate entities. 

On the Flipside

• In June, Slowmist raised an alarm over the escalating number of phishing attacks on TON. 
• Cybercriminals are becoming more sophisticated with their scams. In February, Lookout revealed an advanced phishing kit for targeting exchanges. 

Why This Matters

The $35M DeFi phishing attack illustrates the vulnerability of the DeFi space to malicious actors. It also highlights the need for due diligence from users. 

Read more about phishing scams: 
324,000 Crypto Investors Fell Prey to Phishing Scams in 2023

Read more about Bitget targeting other types of scams: 
Bitget Tightens Token Listing Rules to Fight Exit Scams, Rug Pulls