Blockchain security platform Scam Sniffer recently revealed a crypto trader who lost $35 million in minutes. This trader would have lost this amount thanks to a socially engineered crypto scamswhich still reigns supreme in the sector.
How This Crypto Trader Lost $35 Million
Scam Sniffer revealed in an X-post that the crypto trader lost 15,079 fwDETH ($35 million) after signing a “permit” phishing signature. These scammers immediately sold the money, causing the price of dETH to quickly plummet. So is this scam said to have led to attacks on protocols such as PAC Finance and Orbit Finance.
This ‘Permit’ feature was introduced on the Ethereum network through the Ethereum Improvement Proposal (EIP) 2612 to help solve the challenge of having to pay gas fees multiple times.
This licensing feature allows off-chain traders to sign an approval notice, essentially allowing them to conduct gas-free transactions. However, as we saw with this crypto trader who lost $35 million, one downside of these Permit signatures is that they are more susceptible to social engineering scams, as opposed to performing onchain approvals.
Scammers can easily trick users into granting approval by giving them the impression that they are simply logging into a website while approving the transfer of their money from their wallet. Furthermore, unlike warning signs displayed when signing an onchain approval, there are no signatures for permits.
Phishing fraud remains the most common form of attack in cryptocurrency
Phishing fraud It remains one of the most rampant socially engineered attacks in the crypto space. Scam sniffer drew the community’s attention to how KOR Protocol’s X account was recently compromised and posted phishing tweets. They noted that these phishing tweets from known X accounts are often the result of social engineering attacks that malicious apps authorize.
According to Scam Sniffer’s September Phishing Reportapproximately 10,000 victims lost nearly $46 million to cryptophishing fraud. Meanwhile, in the third quarter of this year, up to $127 million phishing losses took place, with an average of 11,000 victims per month. Two victims are believed to be responsible for $87 million of these losses.
Interestingly, one of the victims lost $32 million by signing a license signature, similar to this crypto trader, who lost $35 million. Another trader lost $1 million by copying the wrong address from a “dirty transfer history.” Scam Sniffer revealed that most phishing attacks were carried out by clicking phishing links from fake accounts on the X platform and Google phishing ads.
The platform recently provided an example of a phishing ad from Google. They flagged a ‘Chainlist’ ad on the search engine. This ad causes merchants to connect their wallets, and their wallets become empty after they sign the phishing signature.
Featured image from Pexels, chart from TradingView