Crypto Trader Loses $35 Million In Minutes – Here’s How

A crypto trader recently lost $35 million within minutes after falling victim to a meticulously orchestrated social-engineering scam. The incident is a stark reminder of the risks inherent in this space and of a menace that remains rampant in the industry.

How This Crypto Trader Lost $35 Million 

In a recent post on X, Scam Sniffer disclosed that a crypto trader lost approximately 15,079 fwDETH ($35 million) after unknowingly signing a fraudulent “permit” signature. The attackers swiftly liquidated the funds, causing a sharp decline in dETH’s price. The scam is also suspected to have triggered attacks on protocols such as PAC Finance and Orbit Finance.

The ‘Permit’ function was introduced on the Ethereum network via Ethereum Improvement Proposal (EIP) 2612 to address the need to pay gas fees repeatedly.

The permit feature lets traders sign an approval message off-chain, which enables gasless transactions. Unlike traditional on-chain approvals, however, this off-chain approval method is vulnerable to social engineering fraud, as the trader who lost $35 million demonstrates.

Scammers can deceive users into thinking they’re just logging into a site when, in reality, they’re approving the transfer of funds out of their wallets. Unlike traditional on-chain approvals, there are no warning signs when giving Permit signatures.
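The check below is an added example, not code from Scam Sniffer or any wallet: it inspects an EIP-712 signing request before it is signed and reports when the request is really an EIP-2612 Permit approval rather than a login. The function name, the 24-hour deadline threshold and the sample request (placeholder addresses and token name) are assumptions constructed for illustration.

```javascript
// Added example: classify an EIP-712 signing request before the user signs it.
const MAX_UINT256 = (1n << 256n) - 1n;
// Field layout of the Permit struct as defined in EIP-2612.
const PERMIT_FIELDS = ["owner:address", "spender:address", "value:uint256",
                       "nonce:uint256", "deadline:uint256"];

// Hypothetical helper: returns what the signature would actually authorize.
function inspectSigningRequest(typedDataJson, nowSeconds) {
  const req = typeof typedDataJson === "string" ? JSON.parse(typedDataJson) : typedDataJson;
  const fields = ((req.types || {})[req.primaryType] || [])
    .map((f) => `${f.name}:${f.type}`);
  const isPermit = req.primaryType === "Permit" &&
    PERMIT_FIELDS.every((f) => fields.includes(f));
  if (!isPermit) return { isPermit: false, warnings: [] };

  const m = req.message;
  const value = BigInt(m.value);
  const deadline = BigInt(m.deadline);
  const warnings = [
    `Signing this lets ${m.spender} spend tokens of contract ` +
    `${req.domain.verifyingContract} held by ${m.owner}; it is not a login.`,
  ];
  if (value === MAX_UINT256) warnings.push("Allowance is unlimited (max uint256).");
  // Assumed policy: flag approvals that stay valid for more than 24 hours.
  if (deadline - BigInt(nowSeconds) > 86400n) {
    warnings.push("Approval stays valid for more than 24 hours.");
  }
  return { isPermit: true, spender: m.spender, value, deadline, warnings };
}

// Constructed sample request (addresses are placeholders, not from the incident).
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  types: { Permit: [
    { name: "owner", type: "address" }, { name: "spender", type: "address" },
    { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" },
    { name: "deadline", type: "uint256" } ] },
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x" + "11".repeat(20) },
  message: { owner: "0x" + "aa".repeat(20), spender: "0x" + "bb".repeat(20),
             value: MAX_UINT256.toString(), nonce: "0", deadline: "1893456000" },
};
const SAMPLE_NOW = 1728808860; // constructed "current time" in Unix seconds

console.log(inspectSigningRequest(SAMPLE_REQUEST, SAMPLE_NOW).warnings.join("\n"));
```

The same inspection can be run on the JSON string a site passes to `eth_signTypedData_v4`, since the function accepts either a parsed object or raw JSON.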

Phishing Scams Remain The Common Form Of Attack In Crypto

Phishing scams remain one of the most prevalent forms of fraud in the cryptocurrency sector, as highlighted by Scam Sniffer. For instance, it was recently discovered that the KOR Protocol’s X account had been hacked and was sharing phishing tweets. Scam Sniffer emphasized that such phishing posts from prominent X accounts frequently originate from social engineering attacks that grant illicit applications access.

According to Scam Sniffer’s September Phishing Review, approximately 10,000 individuals suffered a combined loss of nearly $46 million due to crypto phishing frauds. In the third quarter of this year alone, phishing scams resulted in $127 million in losses, with an average of around 11,000 victims each month. Remarkably, two individuals accounted for $87 million of these total losses.

One of the victims lost $32 million by signing a permit signature, similar to this crypto trader, who lost $35 million. Another trader lost $1 million by copying the wrong address from a “contaminated transfer history.” Scam Sniffer revealed that most of the phishing attacks resulted from victims clicking on phishing links from fake accounts on the X platform and Google phishing ads.

The platform recently gave an example of a Google phishing ad. They highlighted a ‘Chainlist’ ad on the search engine. This ad leads traders to connect their wallets, and their wallets get drained after they sign the phishing signature.


2024-10-13 08:41