ExchangeDEX+
Buy CryptoMarketsSpotFutures500XEarnEvents
More
Blue Chip Blitz
The post Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum appeared on BitcoinEthereumNews.com. A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer. According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags. Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote: “From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.” How Permit exploits work Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender. That efficiency, however, has created a new attack surface for malicious players. Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move. As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet. This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars. Phishing losses The latest theft highlights a wider trend of escalating phishing campaigns. Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July. According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half… The post Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum appeared on BitcoinEthereumNews.com. A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer. According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags. Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote: “From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.” How Permit exploits work Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender. That efficiency, however, has created a new attack surface for malicious players. Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move. As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet. This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars. Phishing losses The latest theft highlights a wider trend of escalating phishing campaigns. Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July. According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half…

Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum

By: BitcoinEthereumNews
2025/09/19 02:31
Threshold
T$0.01246+3.06%
Moonveil
MORE$0.00956+0.52%
Movement
MOVE$0.06746+1.06%
TokenFi
TOKEN$0.007497+3.44%
COM
COM$0.004102-23.47%

A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer.

According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags.

Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote:

How Permit exploits work

Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender.

That efficiency, however, has created a new attack surface for malicious players.

Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move.

As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet.

This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars.

Phishing losses

The latest theft highlights a wider trend of escalating phishing campaigns.

Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July.

According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half of the total. This included one wallet that lost $3.08 million in a single exploit.

Meanwhile, the firm attributed the surge in losses to a rise in EIP-7702 batch-signature scams and direct transfers to malicious contracts.

Considering this, security experts have urged crypto users to be cautious when interacting with wallet requests and refuse demands that grant unlimited permissions to their wallets.

Mentioned in this article

Source: https://cryptoslate.com/crypto-whale-loses-6m-to-sneaky-phishing-scheme-targeting-staked-ethereum/

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Share Insights

You May Also Like

What Whales See in Bitcoin: On-Chain Data Signals

What Whales See in Bitcoin: On-Chain Data Signals

Cryptocurrency analysis firm CryptoQuant has analyzed the recent behavior of Bitcoin whales and its implications. Here are the details. Continue Reading: What Whales See in Bitcoin: On-Chain Data Signals
SphereX
HERE$0.000096-20.00%
Share
Coinstats2025/11/01 05:04
The first AI launchpad on Sui: Empowering retail investors to invest like VCs

The first AI launchpad on Sui: Empowering retail investors to invest like VCs

I. The Consensus Has Arrived: Crypto Belongs to AI Agents Google recently launched the Agent Payments Protocol (AP2), bringing together crypto heavyweights including Ethereum Foundation, Mysten Labs, and MetaMask. A clear consensus is crystallizing: cryptocurrency will become the native economic language of AI Agents. At this critical inflection point, Surge is emerging as the most […] The post The first AI launchpad on Sui: Empowering retail investors to invest like VCs appeared first on CryptoSlate.
Sleepless AI
AI$0.07114+4.32%
SUI
SUI$2.3675+3.46%
Wink
LIKE$0.005596+0.41%
Share
CryptoSlate2025/11/01 06:00
UK crypto holders brace for FCA’s expanded regulatory reach

UK crypto holders brace for FCA’s expanded regulatory reach

The post UK crypto holders brace for FCA’s expanded regulatory reach appeared on BitcoinEthereumNews.com. British crypto holders may soon face a very different landscape as the Financial Conduct Authority (FCA) moves to expand its regulatory reach in the industry. A new consultation paper outlines how the watchdog intends to apply its rulebook to crypto firms, shaping everything from asset safeguarding to trading platform operation. According to the financial regulator, these proposals would translate into clearer protections for retail investors and stricter oversight of crypto firms. UK FCA plans Until now, UK crypto users mostly encountered the FCA through rules on promotions and anti-money laundering checks. The consultation paper goes much further. It proposes direct oversight of stablecoin issuers, custodians, and crypto-asset trading platforms (CATPs). For investors, that means the wallets, exchanges, and coins they rely on could soon be subject to the same governance and resilience standards as traditional financial institutions. The regulator has also clarified that firms need official authorization before serving customers. This condition should, in theory, reduce the risk of sudden platform failures or unclear accountability. David Geale, the FCA’s executive director of payments and digital finance, said the proposals are designed to strike a balance between innovation and protection. He explained: “We want to develop a sustainable and competitive crypto sector – balancing innovation, market integrity and trust.” Geale noted that while the rules will not eliminate investment risks, they will create consistent standards, helping consumers understand what to expect from registered firms. Why does this matter for crypto holders? The UK regulatory framework shift would provide safer custody of assets, better disclosure of risks, and clearer recourse if something goes wrong. However, the regulator was also frank in its submission, arguing that no rulebook can eliminate the volatility or inherent risks of holding digital assets. Instead, the focus is on ensuring that when consumers choose to invest, they do…
COM
COM$0.004054-24.36%
MAY
MAY$0.02727-0.58%
SOON
SOON$0.7165-1.03%
Share
BitcoinEthereumNews2025/09/17 23:52

Trending News

More

What Whales See in Bitcoin: On-Chain Data Signals

The first AI launchpad on Sui: Empowering retail investors to invest like VCs

UK crypto holders brace for FCA’s expanded regulatory reach

Google Becomes Latest in Agentic AI Stablecoin Payments Race

Analyst Uses AI To Show How High The XRP Price Will Be If XRP ETFs Are Approved

Quick Reads

More

Chill House (CHILLHOUSE) Latest Price: Fresh Market Updates

Chill House (CHILLHOUSE) Real-Time Price and Market Analysis

Chill House (CHILLHOUSE) Price History: Key Milestones & Trends

Chill House (CHILLHOUSE) ATH Price History: Record Highs & Insights

Chill House (CHILLHOUSE) Price in USD: Latest Market Data

Crypto Prices

mc_price_img_alt

Ethereum

ETH

$3,855.54
$3,855.54$3,855.54

-0.13%

mc_price_img_alt

Bitcoin

BTC

$109,619.04
$109,619.04$109,619.04

-0.54%

mc_price_img_alt

Solana

SOL

$187.62
$187.62$187.62

-0.28%

mc_price_img_alt

XRP

XRP

$2.5090
$2.5090$2.5090

-0.59%

mc_price_img_alt

Binance Coin

BNB

$1,090.08
$1,090.08$1,090.08

+0.52%