Blockchain security platform Scam Sniffer recently revealed a crypto trader who lost $35 million in minutes. This trader is said to have lost this sum thanks to a social-engineered crypto scam, which continues to be rampant in the industry.
How This Crypto Trader Lost $35 Million
Scam Sniffer revealed in an X post that the crypto trader lost 15,079 fwDETH ($35 million) after signing a “permit” phishing signature. These scammers immediately sold off the funds, causing the price of dETH to plummet rapidly. This scam is also said to have led to attacks on protocols like PAC Finance and Orbit Finance.
This ‘Permit’ feature was introduced on the Ethereum network through the Ethereum Improvement Proposal (EIP) 2612 to help solve the challenge of having to pay gas fees multiple times.
This permit function allows traders to sign an approval message off-chain, essentially allowing them to conduct gasless transactions. However, as seen with this crypto trader who lost $35 million, a drawback with these Permit signatures is that they are more susceptible to social-engineered scams, unlike when conducting onchain approvals.
Scammers can easily trick users into granting approvals by giving them the impression that they are simply signing into a website while they are granting approval for their funds to be transferred from their wallets. Moreover, unlike warning signs displayed when signing an onchain approval, there are none for Permit signatures.
Phishing Scams Remain The Common Form Of Attack In Crypto
Phishing scams continue to be one of the most rampant social-engineered attacks in the crypto space. Scam Sniffer drew the community’s attention to how the KOR Protocol’s X account was recently compromised and was posting phishing tweets. They noted that these phishing tweets from notable X accounts are often the result of social engineering attacks that authorize malicious apps.
According to Scam Sniffer’s September Phishing Report, around 10,000 victims lost almost $46 million to crypto phishing scams. Meanwhile, in the third quarter of this year, up to $127 million in phishing losses occurred, with an average of 11,000 victims each month. Two victims are said to have accounted for $87 million of these losses.
Interestingly, one of the victims lost $32 million by signing a permit signature, similar to this crypto trader, who lost $35 million. Another trader lost $1 million by copying the wrong address from a “contaminated transfer history.” Scam Sniffer revealed that most of the phishing attacks were procured by clicking on phishing links from fake accounts on the X platform and Google phishing ads.
The platform recently gave an example of a Google phishing ad. They highlighted a ‘Chainlist’ ad on the search engine. This ad leads traders to connect their wallets, and their wallets get drained after they sign the phishing signature.
Featured image from Pexels, chart from TradingView
Leave a comment