According to Scam Sniffer, a victim lost more than $11 million in aEthMKR and Pendle USDe tokens after signing multiple phishing permit signatures.
Notably, the victim is a MakerDAO governance delegate, according to Arkham Intelligence.
As noted by blockchain security firm SlowMist, victims could end up facing significant losses due to the risks of permit signatures.
The permit function, which was introduced through EIP-2612, eliminates the need for prior authorization when interacting with smart contracts.
In particular, the feature allows generating authorization signatures without relying on on-chain transactions.
Potential victims can sign a permit for a malicious website without transmitting it to the blockchain. Since possession of the signature is sufficient to grant authorization, permit carries a significant level of risk, according to SlowMist.
Bad actors can potentially trick their victims into providing signatures by posing as a legitimate website.
Determining whether a signature is compromised or not can be difficult because transactions occur off-chain. “As we understand, some wallets decode and display signature information to approve authorization phishing attempts, but lack sufficient warning regarding allowing signature phishing, posing greater risks to users,” the firm said.
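
The permit requests described above reach the wallet as EIP-712 typed data, so they can be recognized and explained before the user signs. The following is an added example, not code from SlowMist, Scam Sniffer, or any wallet; `inspectTypedData`, the sample request, and the 24-hour deadline threshold are assumptions made for illustration.

```javascript
// Added example (not wallet or SlowMist code): inspect an EIP-712 signing
// request and flag EIP-2612 permits before the user signs.
// EIP-2612 struct: Permit(owner, spender, value, nonce, deadline).
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];
const MAX_UINT256 = (1n << 256n) - 1n;
const LONG_DEADLINE_SECONDS = 86400n; // assumed policy threshold: 24 hours

function inspectTypedData(request, nowSeconds) {
  let req, value, deadline;
  try {
    req = typeof request === "string" ? JSON.parse(request) : request;
    const declared = ((req.types || {})[req.primaryType] || []).map((f) => f.name);
    const isPermit = req.primaryType === "Permit" &&
      PERMIT_FIELDS.every((name) => declared.includes(name));
    if (!isPermit) return { isPermit: false, warnings: [] };
    value = BigInt(req.message.value);
    deadline = BigInt(req.message.deadline);
  } catch (err) {
    // Fail closed: a request we cannot decode should not be signed blindly.
    return { isPermit: false, warnings: ["undecodable signing request"] };
  }
  const warnings = ["off-chain token approval: the signature alone grants the allowance"];
  if (value === MAX_UINT256) warnings.push("unlimited allowance requested");
  if (deadline - BigInt(nowSeconds) > LONG_DEADLINE_SECONDS) {
    warnings.push("deadline is more than 24 hours away");
  }
  return {
    isPermit: true,
    token: (req.domain || {}).verifyingContract,
    spender: req.message.spender,
    value, deadline, warnings,
  };
}

// Constructed sample request; addresses and token name are placeholders.
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x" + "11".repeat(20) },
  types: { Permit: [
    { name: "owner", type: "address" }, { name: "spender", type: "address" },
    { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" },
    { name: "deadline", type: "uint256" } ] },
  message: { owner: "0x" + "aa".repeat(20), spender: "0x" + "22".repeat(20),
             value: MAX_UINT256.toString(), nonce: "0", deadline: "1893456000" },
};
```

A wallet or browser extension would call `inspectTypedData` on the payload of a typed-data signing request and show the returned spender, token contract, and warnings in the confirmation dialog.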