The blockchain security platform Scam Sniffer has recently disclosed the case of a crypto trader who incurred a loss of $35 million within minutes. This individual reportedly fell victim to a social-engineering crypto scam that remains prevalent in the industry.
How This Crypto Trader Ended Up Losing $35 Million
According to a post by Scam Sniffer on X, the trader lost 15,079 fwDETH (valued at $35 million) after signing a “permit” phishing signature. The scammers promptly liquidated the assets, leading to a sharp decline in the price of dETH. This scam has also been linked to attacks on protocols such as PAC Finance and Orbit Finance.
The ‘Permit’ feature, introduced to the Ethereum network through Ethereum Improvement Proposal (EIP) 2612, was designed so that users would not have to pay gas fees multiple times.
This permit feature enables traders to sign an approval message off-chain, facilitating gasless transactions. However, the case of the crypto trader who lost $35 million illustrates a significant drawback of Permit signatures: they are more vulnerable to social-engineering scams than on-chain approvals.
Scammers can easily mislead users into signing approvals by presenting the action as simply logging into a website, while in reality, they are permitting the transfer of funds from their wallets. Additionally, there are no warning indicators for Permit signatures, unlike those associated with on-chain approvals.
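A wallet or browser extension can supply the missing warning by inspecting the typed-data request before the user signs it. The JavaScript below is an added example, not code from Scam Sniffer or any wallet; the function name `inspectTypedData`, the one-day deadline threshold and the placeholder addresses in the constructed sample are assumptions.

```javascript
// EIP-2612 Permit struct fields; a request declaring all of them is an approval.
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];
const MAX_UINT256 = (1n << 256n) - 1n;
const LONG_DEADLINE_SECONDS = 24n * 3600n; // assumed threshold, tune per policy

// Inspect an eth_signTypedData_v4 payload (JSON string or parsed object).
// Returns null for non-Permit requests, otherwise a warning object.
function inspectTypedData(payload, nowSeconds = Math.floor(Date.now() / 1000)) {
  let data;
  try {
    data = typeof payload === "string" ? JSON.parse(payload) : payload;
  } catch {
    return { kind: "unparseable", reasons: ["payload is not valid JSON"] };
  }
  const struct = data?.types?.[data?.primaryType];
  const declared = Array.isArray(struct) ? struct.map((f) => f?.name) : [];
  const isPermit = data?.primaryType === "Permit" &&
    PERMIT_FIELDS.every((name) => declared.includes(name));
  if (!isPermit) return null;
  const msg = data.message ?? {};
  const reasons = ["grants a token spending allowance; this is not a login"];
  const warning = { kind: "eip2612-permit", token: data.domain?.verifyingContract, spender: msg.spender, reasons };
  try {
    const value = BigInt(msg.value);
    const deadline = BigInt(msg.deadline);
    if (value === MAX_UINT256) reasons.push("allowance is unlimited");
    if (deadline - BigInt(nowSeconds) > LONG_DEADLINE_SECONDS)
      reasons.push("signature stays valid for more than a day");
  } catch {
    reasons.push("value or deadline is missing or malformed");
  }
  return warning;
}

// Constructed sample request; addresses are placeholders, not real accounts.
const fieldType = (name) => (name === "owner" || name === "spender" ? "address" : "uint256");
const samplePermit = {
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1, verifyingContract: "0x" + "11".repeat(20) },
  types: { Permit: PERMIT_FIELDS.map((name) => ({ name, type: fieldType(name) })) },
  message: {
    owner: "0x" + "aa".repeat(20), spender: "0x" + "bb".repeat(20),
    value: MAX_UINT256.toString(), nonce: "0", deadline: "4102444800",
  },
};
console.log(inspectTypedData(JSON.stringify(samplePermit), 1700000000));
```

The check keys on the struct's declared fields rather than on any site-supplied label, so a page that describes the request as a login does not change the result.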
Phishing Scams Continue To Be A Major Threat In Crypto
Phishing scams remain one of the most widespread social-engineering attacks within the crypto space. Scam Sniffer alerted the community about the recent compromise of the KOR Protocol’s X account, which was disseminating phishing tweets. These phishing messages often stem from social-engineering attacks in which harmful applications are approved.
As per Scam Sniffer’s Phishing Report for September, approximately 10,000 victims lost around $46 million due to crypto phishing scams. During the third quarter of this year, losses from phishing reached up to $127 million, with an average of 11,000 victims each month. Disturbingly, two individuals accounted for $87 million of these losses.
Notably, one victim suffered a loss of $32 million due to signing a permit signature, echoing the experience of the trader who lost $35 million. Another individual lost $1 million by mistakenly copying an incorrect address from a “tainted transfer history.” Scam Sniffer revealed that many phishing attacks were initiated through clicks on phishing links from fraudulent accounts on the X platform and Google phishing advertisements.
The platform recently highlighted an example of a Google phishing advertisement, featuring a ‘Chainlist’ ad on the search platform. This ad prompts traders to connect their wallets, leading to a loss of funds after they sign the phishing signature.