As a seasoned crypto investor with several years of experience under my belt, I can’t help but feel a sense of unease and caution when reading about the latest security breach involving Permit signatures. The fact that a MakerDAO governance delegate lost over $11 million worth of tokens by signing multiple phishing signatures is a stark reminder of the risks we face in this space.
Based on Scam Sniffer’s report, an individual lost over $11 million in total value of aETH-MKR and Pendle USDe tokens by signing multiple fraudulent Permit transactions.
Notably, the victim is a MakerDAO governance delegate, according to Arkham Intelligence.
According to the findings of blockchain security company SlowMist, individuals could sustain substantial financial losses as a result of taking unnecessary signing risks.
As a analyst, I can explain that with the implementation of EIP-2612, the “Permit” feature is granted the capability to bypass the requirement for prior approval when engaging in transactions with smart contracts.
As a crypto investor, I appreciate the convenience of this function that allows me to produce approval signatures offline, sparing me the need for every transaction to be processed on the blockchain.
Individuals who may fall prey to harmful websites have the option to approve the permit for such sites without publicly announcing it on the blockchain. The fact that they hold the signature is enough to give permission, making the permit a potential source of risk, as cautioned by SlowMist.
As a researcher studying cybersecurity threats, I’ve come across a concerning issue. Malicious individuals, or “bad actors,” have devised tactics to trick unsuspecting victims into supplying digital signatures under false pretenses. They disguise themselves as trustworthy websites in an attempt to deceive and gain access to sensitive information. This is a dangerous practice that can lead to serious security breaches. It’s crucial for internet users to be vigilant, double-check the authenticity of any requests for digital signatures, and only interact with known and trusted sources.
It can be challenging to ascertain if a digital signature is secure because transactions frequently occur outside of the main network. According to the company’s statement, some wallets decipher and exhibit signature data for users to approve transactions, increasing the risk of authorization phishing attacks. However, they noted that there is insufficient warning about permit signature phishing, making users more vulnerable.
Read More
- SOL PREDICTION. SOL cryptocurrency
- USD ZAR PREDICTION
- BTC PREDICTION. BTC cryptocurrency
- EUR ILS PREDICTION
- USD COP PREDICTION
- CKB PREDICTION. CKB cryptocurrency
- IQ PREDICTION. IQ cryptocurrency
- TROY PREDICTION. TROY cryptocurrency
- SHI PREDICTION. SHI cryptocurrency
- LUNC PREDICTION. LUNC cryptocurrency
2024-06-23 15:08