A PEPE token holder lost approximately $1.39 million in crypto assets due to a malicious Uniswap Permit2 transaction that was mistakenly signed. The victim unknowingly signed an off-chain Permit2 signature, which gave the attacker unlimited access to his wallet. The stolen assets included PEPE, MSTR, and APU tokens, which were transferred to a new wallet within an hour of the transaction being approved. Uniswap launched the Permit2 feature in 2022 to simplify the token approval process and save gas fees, but this convenience has become a common means of hacker attacks.