On May 26, a victim who lost 1,807 liquid staked Ether, valued at $6.91 million, reportedly received a significant portion of the stolen funds back from scammers.
“Yesterday, the old phishing group Inferno Drainer used the permit offline authorization signature to phish away nearly US$7 million in ETH re-pledged assets from a user,” wrote Yu Xian, co-founder of blockchain analytics firm SlowMist.
“Today, they actually got a refund, which is really rare.”
That same day, Scam Sniffer posted on X that the victim recouped 1,445 Ether, or 80% of the stolen funds, after the scammers allegedly kept a 20% bounty.
Analysts explained that the wallet involved had been targeted in a permit phishing attack, where a malicious actor creates a genuine off-chain authorization signature to transfer ERC-20 tokens from a wallet they do not own.
According to SlowMist, this type of attack exploits an overlooked feature in Ethereum permits, introduced through EIP-2612.
This protocol allows users to interact with smart contracts without prior authorization by attaching an authorization signature.
Unfortunately, the permit function can be executed by any account, regardless of ownership.
READ MORE: Trump Promises to Pardon Silk Road Founder Ross Ulbricht if Re-Elected
This means that if users had previously compromised their wallet signatures on phishing websites, scammers could still use the permit exploit to siphon tokens from their wallets, even without user approval.
To protect against such attacks, SlowMist recommended periodic use of authorization tools like RevokeCash (https://revoke.cash) to identify any abnormal authorizations.
For Uniswap Permit2, they suggested using the authorization management tool at https://app.scamsniffer.io/permit2 for verification.
If any irregular authorizations are detected, it is crucial to revoke them promptly.
Not everyone was sympathetic to the victim in this incident.
“How do you get phished last year for $638K and then again this year for $6.9M? Some people are just careless with their assets,” commented prominent DeFi sleuth ZachXBT.
In March, Cointelegraph reported that cryptocurrency-related scams had increased by 53% within the past year.
According to the FBI, cryptocurrency-related investment fraud accounted for 86% of all investment losses within the United States in 2023.
To submit a crypto press release (PR), send an email to sales@cryptointelligence.co.uk.
