ExchangeDEX+

Buy Crypto Markets Spot Futures500X Earn Events

A cryptocurrency investor recently lost $6.28 million to a sophisticated phishing scam that exploited malicious signature approvals. The incident serves as a significant reminder of the increasing prevalence of “permit phishing” schemes, which pose a serious threat to users in the DeFi ecosystem. Attacker Steals $6.28 Million The attack began when the victim received a targeted phishing message that appeared to be a legitimate update from a decentralized finance (DeFi) platform. Tempted by offers of better returns, the investor connected their wallet to a fake website. There, they signed an EIP-2612, which includes a feature that allows token approvals without gas fees. However, it can also unintentionally give scammers unlimited spending access to a smart contract. The theft occurred shortly after the approvals were granted. The scammer quickly executed a contract that drained 3,200 stETH and a matching amount of aEthWBTC from the victim’s wallet. The loot, which was traced to a mixer address, revealed a calculated plan to conceal the trail. The entire theft took less than 12 minutes, using automated scripts for speed. Scam Sniffer noted that the victim’s portfolio, which was worth over $10 million before the attack, lost half its value immediately. The rapid process allowed no time for intervention, as blockchain transactions cannot be reversed once completed. On-chain analysis indicated that the assets were unlikely to be recovered, as they were likely laundered through exchanges. Not New Following the exploit, some users on X have expressed shock, wondering how the victim unwittingly signed malicious token approvals. However, this subtle trap has long troubled the crypto space. For instance, earlier this month, a user of Venus Protocol lost $13.5 million. The victim fell prey to a phishing scam by approving a transaction from a malicious Core Pool Comptroller contract, which granted the attacker access to their funds. Once permission was given, the hacker quickly drained stablecoins and wrapped tokens from the trader’s wallet. Surprisingly, though, a few hours after the incident, the Venus team tracked the stolen funds by force-liquidating the hackers’ trade positions. The team fully recovered the stolen funds afterwards, leaving the thief with nothing. The post Crypto Investor Loses $6.28M to Sophisticated Phishing Permit Scam appeared first on Cointab.A cryptocurrency investor recently lost $6.28 million to a sophisticated phishing scam that exploited malicious signature approvals. The incident serves as a significant reminder of the increasing prevalence of “permit phishing” schemes, which pose a serious threat to users in the DeFi ecosystem. Attacker Steals $6.28 Million The attack began when the victim received a targeted phishing message that appeared to be a legitimate update from a decentralized finance (DeFi) platform. Tempted by offers of better returns, the investor connected their wallet to a fake website. There, they signed an EIP-2612, which includes a feature that allows token approvals without gas fees. However, it can also unintentionally give scammers unlimited spending access to a smart contract. The theft occurred shortly after the approvals were granted. The scammer quickly executed a contract that drained 3,200 stETH and a matching amount of aEthWBTC from the victim’s wallet. The loot, which was traced to a mixer address, revealed a calculated plan to conceal the trail. The entire theft took less than 12 minutes, using automated scripts for speed. Scam Sniffer noted that the victim’s portfolio, which was worth over $10 million before the attack, lost half its value immediately. The rapid process allowed no time for intervention, as blockchain transactions cannot be reversed once completed. On-chain analysis indicated that the assets were unlikely to be recovered, as they were likely laundered through exchanges. Not New Following the exploit, some users on X have expressed shock, wondering how the victim unwittingly signed malicious token approvals. However, this subtle trap has long troubled the crypto space. For instance, earlier this month, a user of Venus Protocol lost $13.5 million. The victim fell prey to a phishing scam by approving a transaction from a malicious Core Pool Comptroller contract, which granted the attacker access to their funds. Once permission was given, the hacker quickly drained stablecoins and wrapped tokens from the trader’s wallet. Surprisingly, though, a few hours after the incident, the Venus team tracked the stolen funds by force-liquidating the hackers’ trade positions. The team fully recovered the stolen funds afterwards, leaving the thief with nothing. The post Crypto Investor Loses $6.28M to Sophisticated Phishing Permit Scam appeared first on Cointab.

Crypto Investor Loses $6.28M to Sophisticated Phishing Permit Scam

2025/09/19 01:35

Attacker Steals $6.28 Million

The attack began when the victim received a targeted phishing message that appeared to be a legitimate update from a decentralized finance (DeFi) platform. Tempted by offers of better returns, the investor connected their wallet to a fake website.

There, they signed an EIP-2612, which includes a feature that allows token approvals without gas fees. However, it can also unintentionally give scammers unlimited spending access to a smart contract.

The theft occurred shortly after the approvals were granted. The scammer quickly executed a contract that drained 3,200 stETH and a matching amount of aEthWBTC from the victim’s wallet. The loot, which was traced to a mixer address, revealed a calculated plan to conceal the trail.

The entire theft took less than 12 minutes, using automated scripts for speed. Scam Sniffer noted that the victim’s portfolio, which was worth over $10 million before the attack, lost half its value immediately. The rapid process allowed no time for intervention, as blockchain transactions cannot be reversed once completed. On-chain analysis indicated that the assets were unlikely to be recovered, as they were likely laundered through exchanges.

Not New

Following the exploit, some users on X have expressed shock, wondering how the victim unwittingly signed malicious token approvals. However, this subtle trap has long troubled the crypto space. For instance, earlier this month, a user of Venus Protocol lost $13.5 million.

The victim fell prey to a phishing scam by approving a transaction from a malicious Core Pool Comptroller contract, which granted the attacker access to their funds. Once permission was given, the hacker quickly drained stablecoins and wrapped tokens from the trader’s wallet.

Surprisingly, though, a few hours after the incident, the Venus team tracked the stolen funds by force-liquidating the hackers’ trade positions. The team fully recovered the stolen funds afterwards, leaving the thief with nothing.

The post Crypto Investor Loses $6.28M to Sophisticated Phishing Permit Scam appeared first on Cointab.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.