BorsaDEX+
Kripto AlPiyasalarSpotVadeli İşlemlerGOLDBirikimEtkinlikler
Daha Fazla
Commodity Zero-Fee Gala
The post Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum appeared on BitcoinEthereumNews.com. A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer. According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags. Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote: “From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.” How Permit exploits work Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender. That efficiency, however, has created a new attack surface for malicious players. Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move. As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet. This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars. Phishing losses The latest theft highlights a wider trend of escalating phishing campaigns. Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July. According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half… The post Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum appeared on BitcoinEthereumNews.com. A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer. According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags. Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote: “From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.” How Permit exploits work Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender. That efficiency, however, has created a new attack surface for malicious players. Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move. As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet. This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars. Phishing losses The latest theft highlights a wider trend of escalating phishing campaigns. Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July. According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half…

Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum

Yazar: BitcoinEthereumNews
Kaynak: BitcoinEthereumNews
2025/09/19 02:31
Okuma süresi: 2 dk
Threshold
T$0.006983+0.44%
Moonveil
MORE$0.0006057-7.18%
Movement
MOVE$0.02235-1.67%
TokenFi
TOKEN$0.003315-3.49%

A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer.

According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags.

Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote:

How Permit exploits work

Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender.

That efficiency, however, has created a new attack surface for malicious players.

Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move.

As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet.

This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars.

Phishing losses

The latest theft highlights a wider trend of escalating phishing campaigns.

Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July.

According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half of the total. This included one wallet that lost $3.08 million in a single exploit.

Meanwhile, the firm attributed the surge in losses to a rise in EIP-7702 batch-signature scams and direct transfers to malicious contracts.

Considering this, security experts have urged crypto users to be cautious when interacting with wallet requests and refuse demands that grant unlimited permissions to their wallets.

Mentioned in this article

Source: https://cryptoslate.com/crypto-whale-loses-6m-to-sneaky-phishing-scheme-targeting-staked-ethereum/

Piyasa Fırsatı
Threshold Logosu
Threshold Fiyatı(T)
$0.006983
$0.006983$0.006983
+1.64%
USD
Threshold (T) Canlı Fiyat Grafiği
Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen service@support.mexc.com ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.

Ayrıca Şunları da Beğenebilirsiniz

What Does Market Cap Really Mean in Crypto — and Why Australians Care

What Does Market Cap Really Mean in Crypto — and Why Australians Care

Introduction: What Does Market Cap Mean in Cryptocurrency Ridgewell Tradebit is an automated cryptocurrency trading platform that helps users better understand
Paylaş
Techbullion2026/02/09 23:34
The Manchester City Donnarumma Doubters Have Missed Something Huge

The Manchester City Donnarumma Doubters Have Missed Something Huge

The post The Manchester City Donnarumma Doubters Have Missed Something Huge appeared on BitcoinEthereumNews.com. MANCHESTER, ENGLAND – SEPTEMBER 14: Gianluigi Donnarumma of Manchester City celebrates the second City goal during the Premier League match between Manchester City and Manchester United at Etihad Stadium on September 14, 2025 in Manchester, England. (Photo by Visionhaus/Getty Images) Visionhaus/Getty Images For a goalkeeper who’d played an influential role in the club’s first-ever Champions League triumph, it was strange to see Gianluigi Donnarumma so easily discarded. Soccer is a brutal game, but the sudden, drastic demotion of the Italian from Paris Saint-Germain’s lineup for the UEFA Super Cup clash against Tottenham Hotspur before he was sold to Manchester City was shockingly brutal. Coach Luis Enrique isn’t a man who minces his words, so he was blunt when asked about the decision on social media. “I am supported by my club and we are trying to find the best solution,” he told a news conference. “It is a difficult decision. I only have praise for Donnarumma. He is one of the very best goalkeepers out there and an even better man. “But we were looking for a different profile. It’s very difficult to take these types of decisions.” The last line has really stuck, especially since it became clear that Manchester City was Donnarumma’s next destination. Pep Guardiola, under whom the Italian will be playing this season, is known for brutally axing goalkeepers he didn’t feel fit his profile. The most notorious was Joe Hart, who was jettisoned many years ago for very similar reasons to Enrique. So how can it be that the Catalan coach is turning once again to a so-called old-school keeper? Well, the truth, as so often the case, is not quite that simple. As Italian soccer expert James Horncastle pointed out in The Athletic, Enrique’s focus on needing a “different profile” is overblown. Lucas Chevalier,…
Paylaş
BitcoinEthereumNews2025/09/18 07:38
MicroStrategy Bought Another 1.142 BTC: Total 714K BTC

MicroStrategy Bought Another 1.142 BTC: Total 714K BTC

The post MicroStrategy Bought Another 1.142 BTC: Total 714K BTC appeared on BitcoinEthereumNews.com. MicroStrategy Continues BTC Purchases MicroStrategy, the world
Paylaş
BitcoinEthereumNews2026/02/09 23:06