A recent phishing attack in the cryptocurrency world resulted in investors losing $36 million in digital assets. This exploit, called a ‘permission phishing scam’, allowed attackers to gain unauthorized access to victims’ wallets by tricking them into signing malicious transactions.
The incident highlighted the growing threat of phishing scams within the decentralized finance (DeFi) space, including permission phishing attacks, and raised concerns about security vulnerabilities across DeFi platforms.
Phishing Attacks: How They Deploy
According to Scam Sniffer, a Web3 fraud prevention platform, the attack occurred on October 11, when unsuspecting victims unknowingly signed fraudulent signatures. The signature gave the hacker permission to transfer 15,079 fwdETH (equivalent to $36 million) from the victim’s wallet in a malicious permit phishing attack that used the address 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec.
Within hours, the attackers sold the stolen funds, causing a significant drop in the value of the associated asset, dETH. The rapid liquidation led to a 90% price crash within 24 hours, severely impacting the DeFi ecosystem, including platforms such as PAC Finance and Orbit Finance.
What is a permission phishing attack?
Permission phishing is a relatively new type of scam in the cryptocurrency industry. This involves attackers abusing permissions granted by users when signing certain transactions on a decentralized platform. Specifically, users are tricked into approving malicious permission signatures, allowing hackers to access their wallets and transfer funds.
In many cases, attackers set up fake websites that resemble legitimate decentralized applications (dApps). Users who interact with these fraudulent interfaces unwittingly grant fraudsters permission to take control of their assets.
This scam highlights the importance of understanding the risks associated with transaction permissions when dealing with decentralized platforms. Due to the deceptive nature of phishing tactics, even experienced cryptocurrency users can fall victim to these scams.
Impact on DeFi
The impact of this $36 million theft extends beyond individual victims. The massive sell-off of fwdETH caused a ripple effect in the broader DeFi market. Analysts have pointed out that the price drop could lead to vulnerabilities in various decentralized finance protocols, including PAC Finance and Orbit Finance, resulting in system outages and potentially further losses from these permission phishing scams.
Security experts warn that permission phishing scams are becoming increasingly common as attackers exploit weaknesses in DeFi platforms and users' limited familiarity with these systems.
Previous attack
Unfortunately, this is not the first time the DeFi community has been targeted by phishing attacks. Just two weeks before this incident, another phishing scheme resulted in the theft of 12,083 spWETH, worth approximately $32 million at the time. The hackers used similar techniques, which underlines the growing threat of permit phishing attacks in the industry.
These repeated attacks highlight the need for enhanced security measures and better training for cryptocurrency users to prevent further permission phishing attacks and other incidents.
Protect yourself from permission phishing
Experts urge cryptocurrency users to exercise extreme caution when interacting with unfamiliar websites or signing transaction authorizations. Scam Sniffer, the platform that reported the theft of $36 million, offered the following advice:
“Always double-check the signature you are asked to sign and don’t click on any unknown links.”
By carefully monitoring the permissions they grant, users can better protect themselves against phishing scams and other malicious attacks, especially permission phishing.
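To make "double-check the signature" concrete, the following added example (not code from the article or from Scam Sniffer) reviews an EIP-712 signing request as a wallet receives it and reports the properties worth reading before signing: that it is a token approval, who the spender is, whether the allowance is unlimited, and how long the signature stays valid. The field names follow EIP-2612 and DAI-style permits; the function name, finding codes, sample addresses, trusted-spender list and one-hour lifetime threshold are assumptions made for illustration.

```javascript
// Added example (not from the article): review an EIP-712 signing request
// before it is signed. Addresses and thresholds are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;

function reviewTypedData(request, opts = {}) {
  const { trustedSpenders = [], nowSec = Math.floor(Date.now() / 1000), maxLifetimeSec = 3600 } = opts;
  const findings = [];
  const add = (code, detail) => findings.push({ code, detail });
  const { primaryType = "", domain = {}, message = {} } = request;

  // EIP-2612 and DAI-style permits both use the primary type "Permit";
  // other "Permit*" types are treated as approvals too (assumption).
  if (!primaryType.startsWith("Permit")) return findings;
  add("APPROVAL_SIGNATURE", `${primaryType} for token ${domain.verifyingContract}`);

  const spender = String(message.spender ?? "").toLowerCase();
  if (!trustedSpenders.some((a) => a.toLowerCase() === spender)) {
    add("UNKNOWN_SPENDER", spender || "(no spender field)");
  }

  // EIP-2612 carries an amount in `value`; DAI-style permits carry `allowed`.
  if (message.value !== undefined && BigInt(message.value) === MAX_UINT256) {
    add("UNLIMITED_ALLOWANCE", "value is 2^256 - 1");
  } else if (message.allowed === true) {
    add("UNLIMITED_ALLOWANCE", "allowed is true");
  }

  // `deadline` (EIP-2612) or `expiry` (DAI-style, where 0 means no expiry).
  const until = BigInt(message.deadline ?? message.expiry ?? 0);
  const neverExpires = message.expiry !== undefined && until === 0n;
  if (neverExpires || until - BigInt(nowSec) > BigInt(maxLifetimeSec)) {
    add("LONG_LIVED", neverExpires ? "no expiry" : `valid for ${until - BigInt(nowSec)} s`);
  }
  return findings;
}

// Constructed sample request (the `types` section is omitted for brevity).
const NOW = 1700000000;
const sampleRequest = {
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1,
            verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: { owner: "0x2222222222222222222222222222222222222222",
             spender: "0x3333333333333333333333333333333333333333",
             value: MAX_UINT256.toString(), nonce: 0, deadline: NOW + 30 * 86400 },
};
const sampleFindings = reviewTypedData(sampleRequest, {
  trustedSpenders: ["0x4444444444444444444444444444444444444444"], nowSec: NOW });
console.log(sampleFindings);
```

An empty result only means the request is not a permit-style approval; it says nothing about whether other kinds of signing requests are safe.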
Conclusion: A wake-up call about DeFi security
As DeFi continues to grow in popularity, the associated risks also increase. The $36 million permit phishing scam is a stark reminder that even seasoned investors can be vulnerable to sophisticated attacks. Strengthening security practices, increasing user awareness, and adopting stronger protections across platforms will be key to securing the future of decentralized finance.