In a recent and shocking incident, a PEPE token holder has lost $1.39 million in PEPE, MSTR, and APU tokens after unknowingly signing a malicious "permit2" phishing signature. This unfortunate event has once again highlighted the growing threat of phishing scams in the crypto space, where a single mistake can lead to a devastating financial loss.
According to the information displayed, the user signed a transaction allowing a fraudulent contract access to their assets. This contract took advantage of the "permit2" signature, which is a new standard intended for token approvals but has now become a tool for phishing attacks when used maliciously.
The image of the transaction history shows that the scammer transferred large amounts of tokens from the victim's wallet. The transfers included over $1.39 million worth of assets, bringing the wallet’s balance from a substantial amount to just $116. In particular, the screenshot reveals transaction hashes linked to the phishing attack, transferring assets like PEPE (a popular meme token), MSTR, and APU.
The attack took place 25 minutes before the report, with the victim unknowingly signing a fraudulent transaction. The phishing signature, disguised as a legitimate "permit2" request, tricked the user into giving access to their funds. Permit2 was designed to streamline token approvals and transactions, but in this case, it was exploited by the attacker to gain access to the victim’s funds without their knowledge.
Once the transaction was authorized, the scammer immediately drained the wallet, transferring assets to their own address, leaving the victim with only $116, a staggering loss of nearly $1.4 million.
This incident serves as a grim reminder of the growing threat phishing scams pose in the cryptocurrency industry. Phishing attacks are becoming increasingly sophisticated, and scammers are taking advantage of every new feature or protocol introduced in the DeFi ecosystem.
Users must remain vigilant and double-check the authenticity of any transactions they sign, especially with newer standards like "permit2" that they may not fully understand. It’s essential to verify the contracts you’re interacting with and only approve transactions from trusted sources.
As the cryptocurrency space grows, so does the creativity and persistence of scammers. This PEPE holder’s loss is a devastating example of how quickly fortunes can be lost through a single phishing attack. The takeaway for crypto users is to be extra cautious and ensure they are aware of the permissions they are granting when signing contracts or transactions.
Also read : OKX Launches in Dubai Despite UAE Regulatory Crackdown