News

A Trader Suffer $35M Loss in a Phishing Attack, Causing fwDETH to Drop 95%

The subsequent rapid sale of the stolen fwdETH caused a sharp decline in its price, leading to further attacks on protocols like PAC Finance and Orbit Finance.

On October 11, 2024, A Trader Suffered a $35M Loss in a Phishing Attack of “permit” phishing signatures to drain user wallets. The subsequent rapid sale of the stolen fwdETH caused a sharp decline in its price, leading to further attacks on protocols like PAC Finance and Orbit Finance.

Notably, the user (0xeab23c1e3776fad145e2e3dc56bcf739f6e0a393) lose a substantial amount of assets to a scammer (0x0605edee6a8b8b553cae09abe83b2ebeb75516ec) after signing a malicious “permit” transaction.

The crux of this attack lies in the misuse of CREATE2, a mechanism that allows for the pre-computation of temporary addresses known as token spenders.

Moreover, the functionality, intended for legitimate purposes, is being exploited by malicious actors to generate new addresses for each fraudulent signature, thereby bypassing security alerts designed to protect users from known scam addresses.

Phishing Attack Ongoing Investigation

While the exact technical details of the attack remain under investigation, experts have identified a worrying pattern. This “permit” phishing method appears to be part of a broader trend. According to the security firm SlowMist, a group has been employing a similar technique since August, stealing over $3 million from 11 victims through “Address Poisoning” attacks. In this instance, one victim suffered losses exceeding $1.6 million.

Furthermore, the same Drainer responsible for this attack has allegedly stolen nearly $60 million from around 99,000 victims over the past six months. The alarming statistic underscores the scale and sophistication of the threat posed by these “permit” phishing attacks.

This incident serves as a stark reminder of the ongoing vulnerabilities within the DeFi ecosystem. While innovation and decentralization drive the space, safeguarding user assets remains a paramount concern. The rapid rise of “permit” phishing, with its ability to evade traditional security measures, demands a collective response from the DeFi community. Developers must focus on enhancing security protocols, while users must exercise extreme caution when signing transactions, particularly those involving complex or unfamiliar smart contracts.

Ultimately, addressing this emerging threat requires a multi-pronged approach: bolstering security measures, raising awareness among users, and promoting collaboration between security researchers, protocol developers, and regulatory bodies.

Back to top button