A recent report from Scam Sniffer revealed that a victim lost over $11 million worth of aEthMKR and Pendle USDe tokens due to Permit phishing signatures. According to Arkham Intelligence, the victim was a MakerDAO governance delegate. Security firm SlowMist warned that these types of incidents could result in significant losses for victims. Permit, introduced by EIP-2612, removes the need for a separate on-chain approval transaction before a smart contract can spend a user's tokens: the token holder authorizes the spender by producing a signature off-chain instead.
The Permit feature poses a risk because potential victims can unknowingly sign permits for malicious websites without anything being broadcast to the blockchain at signing time. Since possession of the signature is enough for authorization, bad actors can deceive victims by posing as legitimate websites and collecting the signature. Because the signing happens off-chain, it is difficult to determine whether a signature has been compromised. According to SlowMist, some wallets decode and display the signature information without sufficiently warning about permit signature phishing, which puts users at higher risk.
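To make the wallet-side warning gap described above concrete, the following is an added example (not code from Scam Sniffer, SlowMist, or any wallet) of a check a wallet could run on an EIP-712 signing request before showing it to the user. The function name, the spender allowlist, the 24-hour deadline threshold, and the sample request with its placeholder addresses are assumptions made for illustration.

```javascript
// Added example: classify an eth_signTypedData_v4 payload before the user signs it.
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"]; // EIP-2612 struct
const MAX_UINT256 = (1n << 256n) - 1n;
const ONE_DAY = 86400n; // assumed threshold for a "long-lived" permit

function assessSignRequest(typedData, trustedSpenders, nowSec) {
  const fields = (typedData.types?.[typedData.primaryType] || []).map((f) => f.name);
  const isPermit =
    typedData.primaryType === "Permit" &&
    PERMIT_FIELDS.every((name) => fields.includes(name));
  if (!isPermit) return { isPermit: false, warnings: [] };

  const msg = typedData.message;
  const spender = String(msg.spender).toLowerCase();
  const value = BigInt(msg.value);
  const deadline = BigInt(msg.deadline);
  const warnings = [];

  // Signing costs no gas and creates no transaction, so state plainly what it grants.
  warnings.push(`grants ${spender} an allowance on token ${typedData.domain.verifyingContract}`);
  if (!trustedSpenders.map((s) => s.toLowerCase()).includes(spender))
    warnings.push("spender is not on the allowlist");
  if (value === MAX_UINT256) warnings.push("allowance is unlimited");
  if (deadline - BigInt(nowSec) > ONE_DAY)
    warnings.push("signature stays usable for more than 24 hours");
  return { isPermit: true, spender, value, deadline, warnings };
}

// Constructed sample request (addresses are placeholders, not real contracts).
const sampleRequest = {
  primaryType: "Permit",
  types: {
    Permit: [
      { name: "owner", type: "address" }, { name: "spender", type: "address" },
      { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" },
      { name: "deadline", type: "uint256" },
    ],
  },
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x" + "11".repeat(20) },
  message: { owner: "0x" + "aa".repeat(20), spender: "0x" + "bb".repeat(20),
             value: MAX_UINT256.toString(), nonce: "0", deadline: "1893456000" },
};

const result = assessSignRequest(sampleRequest, ["0x" + "cc".repeat(20)], 1700000000);
console.log(result.warnings.join("\n"));
```

The check only inspects what the request would authorize; it does not verify signatures or query the chain, so it complements rather than replaces origin checks on the requesting site.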
This incident serves as a stark reminder of the importance of cybersecurity in the blockchain space. As the popularity of decentralized finance (DeFi) and blockchain technology continues to grow, so do the risks associated with them. It is crucial for users to remain vigilant and cautious when interacting with smart contracts and to only sign permits from trusted sources. Education and awareness about Permit phishing and other potential security threats are essential to combat these malicious activities and protect users’ digital assets.
In light of this incident, industry experts are calling for increased security measures and awareness campaigns to help users identify and prevent Permit phishing attacks. By understanding the risks associated with Permit signatures and taking steps to mitigate them, users can better protect themselves and their investments. It is essential for developers, security firms, and users alike to work together to enhance cybersecurity measures and create a safer environment for all participants in the blockchain ecosystem.
With the rise of Permit phishing attacks and other security threats in the blockchain space, it is crucial for users to stay informed and educated about potential risks. By understanding how Permit signatures work and the risks they pose, users can take proactive steps to protect themselves from falling victim to phishing scams. Increased collaboration between industry stakeholders, including security firms, developers, and users, is necessary to address these challenges and create a more secure environment for blockchain participants. By prioritizing cybersecurity and implementing best practices, we can help safeguard users’ digital assets and prevent future Permit phishing attacks from causing further harm to the industry.