ExchangeDEX+
Buy CryptoMarketsSpotFuturesGOLDEarnEvents
More
The post Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum appeared on BitcoinEthereumNews.com. A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer. According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags. Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote: “From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.” How Permit exploits work Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender. That efficiency, however, has created a new attack surface for malicious players. Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move. As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet. This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars. Phishing losses The latest theft highlights a wider trend of escalating phishing campaigns. Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July. According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half… The post Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum appeared on BitcoinEthereumNews.com. A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer. According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags. Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote: “From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.” How Permit exploits work Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender. That efficiency, however, has created a new attack surface for malicious players. Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move. As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet. This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars. Phishing losses The latest theft highlights a wider trend of escalating phishing campaigns. Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July. According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half…

Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/09/19 02:31
2 min read
Threshold
T$0.007276-5.43%
Moonveil
MORE$0.0006441-0.12%
Movement
MOVE$0.0253+3.34%
TokenFi
TOKEN$0.003319-3.46%

A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer.

According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags.

Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote:

How Permit exploits work

Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender.

That efficiency, however, has created a new attack surface for malicious players.

Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move.

As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet.

This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars.

Phishing losses

The latest theft highlights a wider trend of escalating phishing campaigns.

Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July.

According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half of the total. This included one wallet that lost $3.08 million in a single exploit.

Meanwhile, the firm attributed the surge in losses to a rise in EIP-7702 batch-signature scams and direct transfers to malicious contracts.

Considering this, security experts have urged crypto users to be cautious when interacting with wallet requests and refuse demands that grant unlimited permissions to their wallets.

Mentioned in this article

Source: https://cryptoslate.com/crypto-whale-loses-6m-to-sneaky-phishing-scheme-targeting-staked-ethereum/

Market Opportunity
Threshold Logo
Threshold Price(T)
$0.007276
$0.007276$0.007276
-0.69%
USD
Threshold (T) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

Venice Token Jumps 50% as Trading Volume Hits $55M: What’s Behind VVV Rally?

Venice Token Jumps 50% as Trading Volume Hits $55M: What’s Behind VVV Rally?

Venice Token (VVV) recorded a 50.1% price surge in 24 hours, reaching $4.53 with trading volume exceeding $54.8 million. Our analysis examines the supply squeeze
Share
Blockchainmagazine2026/02/16 05:01
Robert Kiyosaki Explains Why He Holds 60 Bitcoin

Robert Kiyosaki Explains Why He Holds 60 Bitcoin

The post Robert Kiyosaki Explains Why He Holds 60 Bitcoin appeared on BitcoinEthereumNews.com. Bitcoin 18 September 2025 | 17:17 Robert Kiyosaki, best known for Rich Dad Poor Dad, has once again taken aim at fiat currencies, describing the U.S. financial system as “rigged” against ordinary people. Speaking on a podcast this week, he argued that schools mislead students into chasing jobs and saving dollars that lose value year after year, while central banks print money that enriches the elite. He admitted that it took him years to understand Bitcoin, but said buying at $6,000 changed his outlook. Kiyosaki now holds around 60 BTC — worth nearly $7 million — and uses cash flow from real estate to buy more Bitcoin alongside gold, silver, oil, and Ethereum. He has predicted that BTC could reach $1 million within the next decade, though he warns investors to expect crashes along the way. Kiyosaki also dismissed ETFs as “paper traps” that offer convenience but little protection during a crisis. Instead, he believes direct ownership of hard assets and digital currencies is essential as inflation eats away at savings. His point is backed by data: $1,000 held in U.S. dollars since 2000 has lost nearly half its purchasing power, while Bitcoin has risen more than 900% in just five years. Around the world, countries like Venezuela and Argentina show the same story more dramatically, where collapsing local currencies have pushed citizens toward stablecoins and Bitcoin as financial lifelines. For Kiyosaki, the lesson is simple: fiat weakens the poor, while Bitcoin and scarce assets give individuals a way out of what he calls a broken system. Source The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed…
Share
BitcoinEthereumNews2025/09/18 23:56
Venice Token Surges 50% in 24 Hours: Data Behind VVV’s Meteoric Rise

Venice Token Surges 50% in 24 Hours: Data Behind VVV’s Meteoric Rise

Venice Token (VVV) posted a remarkable 49.6% gain in the past 24 hours, reaching $4.51 with trading volume exceeding $54 million. Our data analysis uncovers the
Share
Blockchainmagazine2026/02/16 05:07