Incident Details and Impact
A phishing scam targeting a high-profile crypto whale led to a loss of approximately $35 million on the Blast network. The attacker used a fraudulent “permit” signature to gain access to the victim’s wallet, draining significant assets, including Few Wrapped Duo ETH (fwDETH) tokens.
Attack Mechanics and Security Concerns
The scam exploited the victim’s trust by tricking them into signing a fraudulent offline “permit” message. Security firms like PeckShield confirmed that this fake message enabled the attacker to transfer tokens, causing a sharp drop in fwDETH’s market value from $2000 to $100 before a partial recovery.
Lessons and Preventive Measures
This incident underscores the importance of caution when signing transaction messages in the crypto space. BlockSec and other security firms recommend avoiding signing unfamiliar permits, especially in offline setups, as they can lead to significant financial losses.
Source:
The Block
