This Trader Suffer Depressing Loss of $1.3M from a Phishing Attack
A Trader suffered a devastating loss encompassing 165,008 $MSTR ($169K), 73.83M $APU ($68K), and 107.8B $PEPE ($1.05M).
On Monday, October 14th, a trader suffered a depressing loss from the emergence of a “Permit2” phishing attack that drained a victim’s wallet of over $1.3 million.
Moreover, this attack serves as a stark reminder of the importance of vigilance and critical thinking when interacting with unknown links and signatures in the decentralized finance (DeFi) ecosystem.
The victim, with the wallet address 0xb0b866410a22501c0e6c2b2eb6a91b3322e440c7, suffered a devastating loss encompassing 165,008 $MSTR ($169K), 73.83M $APU ($68K), and 107.8B $PEPE ($1.05M).
The scammer, identified as 0x22408b5ba24368736ddbacd48a0c3b1a7c9a0930, successfully executed the attack by deploying a malicious “Permit2” signature. The malicious actor behind this exploit, known as “Drainer,” has perfected a method to generate temporary new addresses for each phishing signature, creating a seemingly legitimate facade for the victim.
The signature, once signed by the unsuspecting user, allows the Drainer to create a contract at that address and subsequently transfer the victim’s assets. The strategy exploits the CREATE2 opcode, which allows the prediction of a contract’s address before deployment, bypassing conventional wallet security measures.
Phishing Attack on the Rise
This attack is not an isolated incident. Drainer’s operations have resulted in a staggering estimated $60 million stolen from nearly 99,000 victims over the past six months. In a similar vein, a group has employed address poisoning techniques since August, leading to the theft of approximately $3 million from 11 victims, with one individual losing up to $1.6 million.
The rise of “Permit2” phishing signatures signifies a concerning shift in scammers’ tactics. Traditional phishing methods, relying on deceptive emails or websites, are being replaced by more sophisticated exploits that exploit the technical intricacies of blockchain technology.
Users must exercise extreme caution when interacting with unknown links or signatures to protect themselves from such attacks.
According to Scamsniffer on X, “Always verify the authenticity of any signature before signing, regardless of the source, moreover, approach any unsolicited requests or offers with suspicion, particularly if they promise high returns or seem too good to be true.”
Additionally, the firm advised to only interact with reputable platforms and applications, and avoid engaging with unknown or untrusted entities.
