ETH

Crypto VC-Linked Entity Loses $36M to Phishing Attack - Report

by Soumen Datta

October 11, 2024

Hackers drain 15,079 fwDETH from unsuspecting user through malicious permit transaction

An entity reportedly linked to a cryptocurrency venture capital fund has fallen victim to a major cyberattack, losing $36 million worth of tokens in the process.

🚨 5 hours ago, someone lost 15,079 fwDETH($35M) after signing a "permit" phishing signature.💸 pic.twitter.com/YG6KlgWMtv
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 11, 2024

The victim, whose identity has not been disclosed, unknowingly signed a malicious permit transaction that allowed hackers to drain a large sum of wrapped Ethereum (fwDETH).

According to blockchain monitoring service Lookonchain, the attack occurred on October 11, 2024, targeting an on-chain entity believed to be tied to Continue Capital, a well-known crypto venture capital firm.

The stolen funds, totaling 15,079 fwDETH, were then quickly sold off, causing a dramatic drop in the token’s value. fwDETH's price plummeted by 95% in its trading pair with fwWETH, but has since recovered, remaining down by about 43%.

How the Hack Happened

According to reports from PeckShield, the hackers lured the victim into signing a permit message. This permit message, signed offline by the victim, granted the attacker authorization to drain the victim's wallet without needing any further interaction.

This type of phishing attack is particularly dangerous because it mimics legitimate requests for user signatures. Once the permit was signed, the attacker drained the funds from the victim’s account and quickly liquidated them on decentralized exchanges, causing a major drop in the token’s value.

Having received $12.8K in fwDETH, the scammer address exchanged 11,826 $DETH for 1,172.8 $ETH (worth $2.8M). Further, it swapped 2,261 fwDETH for 1,114.4 ETH (worth ~$2.7M), according to PeckShield.

The sharp decline in fwDETH's price also triggered problems for other DeFi protocols. PAC Finance and Orbit Finance, both of which rely on wrapped Ethereum tokens, were reportedly affected by the sudden drop in value.

Growing Threat of Phishing in Crypto

Phishing attacks like this one are becoming more common and sophisticated. Hackers often disguise their malicious activities as legitimate requests for permissions, preying on the fast-paced nature of cryptocurrency trading, where users are constantly prompted to sign transactions or approve requests.

According to Certik’s 2024 blockchain security report, phishing is now one of the leading causes of financial loss in the crypto space. In the first half of 2024 alone, $498 million was stolen across 150 incidents due to phishing.

In September 2024,10,800 victims were impacted by phishing attacks, according to Scam Sniffer. The largest attack that month saw $32.43 million worth of spWETH stolen through a phishing permit signature, similar to the attack that drained fwDETH in this latest incident.

Disclaimer

Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article

Author

Soumen Datta

Soumen is an experienced writer in cryptocurrencies, DeFi, NFTs, and GameFi. He has been analyzing the space for the last several years and believes there is a lot of potential with blockchain technology, even though we are still at an early stage. In his spare time, Soumen enjoys playing his guitar and singing along. Soumen holds bags in BTC, ETH, BNB, MATIC, and ADA.