A PEPE token holder in the crypto world lost $1.4 million in a Uniswap Permit2 phishing attack. Unfortunately, the victim accidentally approved an off-chain Permit2 transaction. This signature gave the scammer unrestricted access to his wallet. Interestingly, the attacker transferred all the stolen assets to a new wallet just an hour after confirming the transaction.
Uniswap Permit2: Convenient or Dangerous?
Uniswap introduced Permit2 in 2022, giving users the convenience of approving multiple tokens at once. While it may seem like a great innovation at first glance, the system has also become an opportunity for scammers. Users save on gas fees by validating multiple tokens at once. However, this convenience also creates a serious security vulnerability. It seems like every technological innovation comes at a cost, right?
In the most recent attack, the victim again accidentally provided an off-chain signature, which the scammer used to withdraw tokens from the wallet. A cybersecurity firm called ScamSniffer claims that the stolen PEPE, Microstrategy (MSTR), and Apu (APU) tokens were transferred to another wallet within an hour. It appears to have been a very quick and well-planned operation.
There has been a noticeable increase in phishing attacks.
In another example, an investor lost $2.47 million worth of Aave Ethereum sDAI tokens. The common thread in these attacks is that users unwittingly signed Permit2 and gave the scammers access to their wallets. Think about it, a simple signature move could result in billions of dollars in losses.
To prevent such attacks, MetaMask has tried to improve the Permit2 signature process to make the authorization process more transparent to users. However, attacks continue to occur and cause millions of dollars in damage. It seems that in the digital world, attention is more important than ever.
These events once again show how dangerous the concept of “convenience” can be in the crypto world. Every technological innovation we use carries risks.
