A heart-stopping signature! A crypto whale lost 6.28 million dollars to a malicious signature.

On September 18 a cryptocurrency whale suffered a staggering loss from what looked like a harmless signature operation: over $6 million worth of staked Ethereum (stETH) and Aave wrapped Bitcoin (aEthWBTC) was stolen. Blockchain security company Scam Sniffer reported that the investor unknowingly approved a malicious “permit” signature during a carefully crafted phishing attack, which let the attacker drain the wallet without paying any gas fees.

“Silent” Attack: One Signature, 6.28 Million Dollars Disappeared Instantly

(Source: X)

Yu Xian, the founder of the security company SlowMist, conducted a detailed analysis of this incident, revealing the terrifying aspects of such attacks. He stated:

“From the victim's perspective, he just clicked a few times, confirmed the signature that popped up in the wallet, and didn't spend a penny on gas fees, and 6.28 million dollars were gone.”

What makes this attack so dangerous is its concealment. The attackers disguised their malicious request as a routine wallet confirmation step, so the victim authorized the transfer of assets without any alarm being raised. Because the signature itself consumes no gas, the victim has no warning sign and notices nothing until the assets have already been transferred.

“Permit” Vulnerability: The Deadly Risks Behind Convenience

This type of attack exploits a feature called “Permit.” The feature was designed to simplify token approvals: instead of submitting an on-chain approval transaction and paying gas, a user signs an off-chain message that authorizes a third party to spend their tokens.

However, this convenience has also opened a new attack vector. Once the victim signs the “permit,” the attacker can chain two calls, permit and transferFrom, to pull the assets out directly. Because the authorization happens off-chain, the wallet dashboard shows no unusual activity until the assets are actually withdrawn.

As a result, once the transaction was executed on the blockchain, all tokens were transferred to the attacker's wallet. This is what has made Permit attacks increasingly popular with hackers: they can extract millions of dollars without complex hacking techniques or expensive gas fees.
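As an added illustration (not from the article, Scam Sniffer or SlowMist), the checks below inspect the EIP-712 typed data a wallet displays for an EIP-2612 Permit request and flag the properties that make such a signature dangerous: a spender that is not on the user's own allow-list, an unlimited value, and a deadline that never expires. The addresses, the allow-list and the fixed timestamp are constructed placeholders.

```python
import json

MAX_UINT256 = 2**256 - 1
# Field layout of an EIP-2612 Permit message, in order.
EIP2612_PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"]


def make_permit(spender, value, deadline, owner="0xA000000000000000000000000000000000000AAA"):
    """Build the typed-data JSON a wallet would display for an EIP-2612 Permit (constructed data)."""
    types = ["address", "address", "uint256", "uint256", "uint256"]
    return json.dumps({
        "primaryType": "Permit",
        "domain": {"name": "Example Token", "version": "1", "chainId": 1,
                   "verifyingContract": "0x1000000000000000000000000000000000000001"},
        "types": {"Permit": [{"name": n, "type": t} for n, t in zip(EIP2612_PERMIT_FIELDS, types)]},
        "message": {"owner": owner, "spender": spender, "value": str(value),
                    "nonce": "0", "deadline": str(deadline)},
    })


NOW = 1_700_000_000  # fixed "current time" so the example is deterministic
TRUSTED_SPENDERS = {"0x2000000000000000000000000000000000000002"}  # constructed allow-list
# Phishing-style request: unknown spender, unlimited value, deadline that never expires.
SUSPICIOUS_PERMIT = make_permit("0xBAD0000000000000000000000000000000000BAD", MAX_UINT256, MAX_UINT256)
# Request the user actually intends: trusted spender, bounded amount, short deadline.
BENIGN_PERMIT = make_permit("0x2000000000000000000000000000000000000002", 10**18, NOW + 600)


def review_permit(typed_data_json, trusted_spenders, now, max_validity=3600):
    """Return the reasons a Permit request looks dangerous (an empty list means no finding)."""
    data = json.loads(typed_data_json)
    if data.get("primaryType") != "Permit":
        return ["not an EIP-2612 Permit; review as an ordinary signature request"]
    findings = []
    fields = [f["name"] for f in data["types"]["Permit"]]
    if fields != EIP2612_PERMIT_FIELDS:
        findings.append(f"non-standard Permit layout {fields}")
    msg = data["message"]
    if msg["spender"].lower() not in {s.lower() for s in trusted_spenders}:
        findings.append(f"spender {msg['spender']} is not an allow-listed contract")
    if int(msg["value"]) == MAX_UINT256:
        findings.append("value is 2**256-1: an unlimited allowance over the whole balance")
    deadline = int(msg["deadline"])
    if deadline == MAX_UINT256 or deadline - now > max_validity:
        findings.append("deadline never expires or is far in the future: usable at any later time")
    return findings


if __name__ == "__main__":
    for label, req in (("suspicious", SUSPICIOUS_PERMIT), ("benign", BENIGN_PERMIT)):
        print(label, review_permit(req, TRUSTED_SPENDERS, NOW))
```

The allow-list stands in for the user's own knowledge of which contract they are interacting with; a legitimate dApp's permit names that contract as the spender, with a bounded amount and a short deadline.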

Phishing attacks surge: August losses reached 12.17 million dollars

This incident is not an isolated case; it reflects a growing wave of phishing activity. According to Scam Sniffer statistics, in August alone attackers stole 12.17 million dollars from over 15,200 victims, a staggering 72% increase compared to July.

What is even more concerning is that nearly half of the losses came from three large wallets, with one wallet losing 3.08 million dollars in a single incident. This indicates that attackers are specifically targeting high-net-worth crypto asset holders.

Scam Sniffer analysis suggests that this growth is mainly due to scams related to EIP-7702 (batch signature scams) and users inadvertently signing malicious contracts directly.

Expert Advice: How to Protect Your Crypto Assets

In light of the increase in such attacks, security experts have proposed the following recommendations to help crypto asset users protect their assets:

· Remain highly vigilant against all wallet signature requests, especially those that ask for unrestricted access to assets.

· Use hardware wallets that support detailed transaction previews to help identify malicious transactions.

· Carefully check the transaction details before signing any permissions or approvals to ensure you understand what you are authorizing.

· Consider using a multi-signature wallet or setting transaction limits to reduce the risk of single points of failure.

· Regularly review the granted permissions and revoke those that are no longer needed.

This incident is another reminder that even the simplest operations in the world of crypto assets can carry enormous risk. As attackers keep developing new fraudulent tactics, staying vigilant and keeping up with the latest security threats matters more than ever.
