User Suffers $11M Loss in Crypto Phishing Scam
According to Scam Sniffer, an unfortunate individual has become a victim of a crypto phishing scam, losing over $11 million worth of aEthMKR and Pendle USDe tokens. The targeted user was revealed to be a MakerDAO governance delegate, according to Arkham Intelligence.
Experts from blockchain security firm SlowMist warn that signature risks can result in substantial losses for victims. The scam exploited the Permit feature, which eliminates the need for a prior on-chain authorization in smart contract interactions. This allows authorization signatures to be generated without being broadcast to the blockchain, making it easier for malicious actors to deceive victims.
The phishing scammers tricked the victim into signing permits on a fraudulent website masquerading as a legitimate one. Since possession of the signature alone is enough for authorization, users face high risks in such scenarios.
The off-chain nature of these transactions poses challenges in determining whether a signature has been compromised. SlowMist noted that some wallets display signature information without providing sufficient warnings about permit signature phishing, exacerbating the potential risks for users.
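As an added example (not code from the article, Scam Sniffer or SlowMist), here is a wallet-side check of the kind the paragraph above says is often missing: it inspects a typed-data signing request and raises warnings when the request is a Permit. It assumes the token uses the EIP-2612 Permit layout and that the request is an `eth_signTypedData_v4` payload; `reviewSigningRequest`, `trustedSpenders` and all sample addresses are constructed for illustration.

```javascript
// Added example: review an EIP-712 signing request before the user signs it.
// Assumption: only the EIP-2612 Permit layout is recognised here.
const MAX_UINT256 = (1n << 256n) - 1n;
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];

// Returns { isPermit, warnings } for a typed-data payload (object or JSON string).
function reviewSigningRequest(payload, opts = {}) {
  const { trustedSpenders = [], nowSec = Math.floor(Date.now() / 1000) } = opts;
  const data = typeof payload === "string" ? JSON.parse(payload) : payload;
  const msg = data.message || {};
  const typeDef = (data.types && data.types[data.primaryType]) || [];
  const names = typeDef.map((f) => f.name);

  const isPermit =
    data.primaryType === "Permit" && PERMIT_FIELDS.every((f) => names.includes(f));
  if (!isPermit) return { isPermit, warnings: [] };

  // Every Permit gets a baseline warning: the signature alone is the approval.
  const warnings = ["Signing grants 'spender' a token allowance without an on-chain approval"];
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  if (!trusted.includes(String(msg.spender).toLowerCase())) {
    warnings.push(`Spender ${msg.spender} is not in the trusted list`);
  }
  if (BigInt(msg.value) === MAX_UINT256) {
    warnings.push("Allowance is unlimited (max uint256)");
  }
  if (BigInt(msg.deadline) - BigInt(nowSec) > 86400n) {
    warnings.push("Signature stays usable for more than 24 hours");
  }
  return { isPermit, warnings };
}

// Constructed sample request (addresses and token name are placeholders).
const SAMPLE_REQUEST = {
  types: {
    Permit: PERMIT_FIELDS.map((name) => ({
      name,
      type: name === "owner" || name === "spender" ? "address" : "uint256",
    })),
  },
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1, verifyingContract: "0x" + "11".repeat(20) },
  message: {
    owner: "0x" + "aa".repeat(20),
    spender: "0x" + "bb".repeat(20),
    value: "0x" + "f".repeat(64), // max uint256
    nonce: "0",
    deadline: "1893456000", // far-future expiry
  },
};
```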
This incident serves as a sobering reminder of the importance of thorough vigilance and caution when engaging with cryptocurrencies and interacting with smart contracts.
