User Loses $11 Million in Crypto Phishing Scam — TradingView News

According to Scam Sniffer, one victim parted with aEthMKR and Pendle USDe tokens worth over $11 million after signing multiple Permit phishing signatures.

In particular, according to Arkham Intelligence, the victim is a delegate of MakerDAO governance.

As noted by blockchain security firm SlowMist, victims could end up facing significant losses due to signature risks.

Permission, enabled via EIP-2612, helps eliminate the need for prior authorization when interacting with smart contracts.

Notably, the feature allows you to generate authorization signatures without relying on on-chain transactions.

Potential victims can sign permission for a malicious website without transmitting it to the blockchain. Since possession of the signature is sufficient to grant permission, permission carries a significant level of risk, according to SlowMist.

Attackers can potentially trick their victims into providing signatures by masquerading as a legitimate website.

Determining whether or not a signature is compromised can be difficult due to the fact that transactions occur off-chain. “From what we understand, some wallets decode and display signature information to approve authorization phishing attempts, but there is a lack of sufficient warning regarding authorization signature phishing, which poses greater risks to users,” the company said .

Fuente