ETH
by BSCN
October 11, 2024
Hackers drain 15,079 fwDETH from unsuspecting user through malicious permit transaction
An entity reportedly linked to a cryptocurrency venture capital fund has fallen victim to a major cyberattack, losing $36 million worth of tokens in the process.
🚨 5 hours ago, someone lost 15,079 fwDETH($35M) after signing a "permit" phishing signature.💸 pic.twitter.com/YG6KlgWMtv
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 11, 2024
The victim, whose identity has not been disclosed, unknowingly signed a malicious permit transaction that allowed hackers to drain a large sum of wrapped Ethereum (fwDETH).
According to blockchain monitoring service Lookonchain, the attack occurred on October 11, 2024, targeting an on-chain entity believed to be tied to Continue Capital, a well-known crypto venture capital firm.
The stolen funds, totaling 15,079 fwDETH, were then quickly sold off, causing a dramatic drop in the token’s value. fwDETH's price plummeted by 95% in its trading pair with fwWETH, but has since recovered, remaining down by about 43%.
According to reports from PeckShield, the hackers lured the victim into signing a permit message. This permit message, signed offline by the victim, granted the attacker authorization to drain the victim's wallet without needing any further interaction.
This type of phishing attack is particularly dangerous because it mimics legitimate requests for user signatures. Once the permit was signed, the attacker drained the funds from the victim’s account and quickly liquidated them on decentralized exchanges, causing a major drop in the token’s value.
Having received $12.8K in fwDETH, the scammer address exchanged 11,826 $DETH for 1,172.8 $ETH (worth $2.8M). Further, it swapped 2,261 fwDETH for 1,114.4 ETH (worth ~$2.7M), according to PeckShield.
The sharp decline in fwDETH's price also triggered problems for other DeFi protocols. PAC Finance and Orbit Finance, both of which rely on wrapped Ethereum tokens, were reportedly affected by the sudden drop in value.
Phishing attacks like this one are becoming more common and sophisticated. Hackers often disguise their malicious activities as legitimate requests for permissions, preying on the fast-paced nature of cryptocurrency trading, where users are constantly prompted to sign transactions or approve requests.
According to Certik’s 2024 blockchain security report, phishing is now one of the leading causes of financial loss in the crypto space. In the first half of 2024 alone, $498 million was stolen across 150 incidents due to phishing.
In September 2024,10,800 victims were impacted by phishing attacks, according to Scam Sniffer. The largest attack that month saw $32.43 million worth of spWETH stolen through a phishing permit signature, similar to the attack that drained fwDETH in this latest incident.
Disclaimer
Disclaimer: The views expressed in this article do not necessarily represent the views of BSCN. The information provided in this article is for educational and entertainment purposes only and should not be construed as investment advice, or advice of any kind. BSCN assumes no responsibility for any investment decisions made based on the information provided in this article. If you believe that the article should be amended, please reach out to the BSCN team by emailing [email protected].
Latest News
February 8, 2025
Weekly Article Recap: 2/03-2/07
February 7, 2025
POPCAT Memecoin Review: Analysis and Prospects
February 7, 2025
Ondo Finance’s New Blockchain: What is Ondo Chain
February 7, 2025
Everything You Need to Know About Analog's Official Launch
February 7, 2025
Telegram Meets AI Agents: TheOpenLayer Partners with NPC Team
February 7, 2025
Donald Trump-Backed World Liberty Financial Plans to Create "Strategic Reserve"
February 7, 2025
When Will Pi Launch Open Network Mainnet?
February 7, 2025
Cboe BZX Files for Multiple Spot XRP ETFs with SEC: What You Need to Know