Phishing Scam Strikes DeFi User
A PEPE token holder recently lost $1.4 million due to a phishing scam involving Uniswap’s Permit2 function, which simplifies token approvals. According to ScamSniffer, the victim unknowingly signed a fraudulent off-chain Permit2 transaction, granting the attacker full control of their wallet.
Permit2 Phishing Risks
The Permit2 feature, while designed to streamline transactions, has become an avenue for phishing attacks in DeFi. By luring users to sign off-chain signatures, attackers gain direct wallet access without immediate blockchain record. Uniswap initially introduced Permit2 to save gas fees but has since been exploited by phishing schemes, causing users significant financial harm.
Rising Concerns in DeFi Security
Permit2 phishing scams are on the rise. Recent attacks have resulted in millions of dollars in losses, highlighting the vulnerabilities within DeFi protocols. Security firms like MetaMask have improved signature readability to help users understand permissions better, but DeFi phishing remains a critical issue within the ecosystem.
Source:
Decrypt