ExchangeDEX+
Buy CryptoMarketsSpotFutures500XEarnEvents
More
Gold Bar & BTC Giveaway2000g
The post Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum appeared on BitcoinEthereumNews.com. A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer. According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags. Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote: “From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.” How Permit exploits work Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender. That efficiency, however, has created a new attack surface for malicious players. Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move. As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet. This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars. Phishing losses The latest theft highlights a wider trend of escalating phishing campaigns. Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July. According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half… The post Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum appeared on BitcoinEthereumNews.com. A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer. According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags. Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote: “From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.” How Permit exploits work Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender. That efficiency, however, has created a new attack surface for malicious players. Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move. As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet. This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars. Phishing losses The latest theft highlights a wider trend of escalating phishing campaigns. Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July. According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half…

Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum

By: BitcoinEthereumNews
2025/09/19 02:31
Threshold
T$0.01099-0.90%
Moonveil
MORE$0.005053+3.77%
Movement
MOVE$0.03844-5.18%
TokenFi
TOKEN$0.003607-6.74%
COM
COM$0.00593+7.48%

A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer.

According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags.

Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote:

How Permit exploits work

Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender.

That efficiency, however, has created a new attack surface for malicious players.

Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move.

As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet.

This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars.

Phishing losses

The latest theft highlights a wider trend of escalating phishing campaigns.

Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July.

According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half of the total. This included one wallet that lost $3.08 million in a single exploit.

Meanwhile, the firm attributed the surge in losses to a rise in EIP-7702 batch-signature scams and direct transfers to malicious contracts.

Considering this, security experts have urged crypto users to be cautious when interacting with wallet requests and refuse demands that grant unlimited permissions to their wallets.

Mentioned in this article

Source: https://cryptoslate.com/crypto-whale-loses-6m-to-sneaky-phishing-scheme-targeting-staked-ethereum/

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

‘Already seen the low?’ – Inside Cathie Wood’s bet on a new Bitcoin cycle

‘Already seen the low?’ – Inside Cathie Wood’s bet on a new Bitcoin cycle

The post ‘Already seen the low?’ – Inside Cathie Wood’s bet on a new Bitcoin cycle appeared on BitcoinEthereumNews.com. Bitcoin has rarely looked more fragile, and many analysts are already referring to this as the worst fourth quarter on record, marked by a massive leverage wipeout and a steep drop from its all-time highs. For over a decade, Bitcoin [BTC] has followed a harsh, predictable pattern: a Halving event, a commendable rally to new highs, and then a brutal 75–90% crash that resets the entire market. This cycle shaped the crypto world and created the “crypto winter” mentality that traders have come to expect. Cathie Wood challenges the four-year cycle But according to Cathie Wood, CEO and CIO of ARK Invest, those old rules no longer apply. Speaking with Fox Business, Wood made a profound declaration: institutional adoption is actively “disrupting” the traditional Bitcoin cycle. Wood noted that growing participation in U.S. Spot Bitcoin ETFs had started to change how BTC absorbed volatility. She pointed to a steady decline in its two-year volatility trend over the past five years, adding fuel to the idea of a maturing asset. Why Bitcoin’s old pattern may be fading Wood’s view challenges over a decade of beliefs built around Bitcoin’s strict, predictable four-year cycle. The evidence for this cycle is compelling.  For instance, the 2012 Halving saw Bitcoin surge from under $10 to a peak of roughly $1,100; the 2016 Halving fueled a climb from $400 to nearly $20,000; and the 2020 Halving propelled the asset from $8,500 to a record high of around $69,000. Each of these explosive rallies was followed by a painful, defining drawdown of 70% to 85%, resetting the stage for the next run. This predictable pattern, last triggered by the 20th April 2024, Halving, has historically been the sole script for investors. Yet, this time, the narrative feels disjointed and disruptive. What is Wood so concerned about? Wood…
Moonveil
MORE$0.005017+3.01%
Bitcoin
BTC$90,030.87-2.34%
ARK
ARK$0.2855-2.05%
Share
BitcoinEthereumNews2025/12/11 19:15
XRP Price Tumbles 3% As Fifth Ripple Token ETF Nears Launch

XRP Price Tumbles 3% As Fifth Ripple Token ETF Nears Launch

The entire non-fungible token ecosystem is highly susceptible to many security threats, fueled by technical vulnerabilities, human-centric scams, and a lack of regulatory oversight. These [...]
XRP
XRP$2.0102-2.68%
TokenFi
TOKEN$0.003611-6.62%
Share
Insidebitcoins2025/12/11 18:55
The Critical Security Play You Can’t Miss in the AI Era

The Critical Security Play You Can’t Miss in the AI Era

The post The Critical Security Play You Can’t Miss in the AI Era appeared on BitcoinEthereumNews.com. The Watershed Moment That Changed Blockchain Security Forever Singapore – Blockman PR – December 2025 marked a turning point. Anthropic’s research team published findings that sent shockwaves through crypto: AI systems could successfully exploit smart contract vulnerabilities with 55.88% accuracy, simulating $4.6 million in potential theft from real-world contracts. The implications were existential. If AI could systematically identify and exploit vulnerabilities at scale, the entire blockchain ecosystem—processing over $1 trillion in transactions annually—faced an unprecedented threat. Traditional security tools couldn’t keep pace. Human auditors, already stretched thin reviewing less than 20% of deployed contracts, had no chance against autonomous AI attackers. But here’s what most people missed: Anthropic’s breakthrough wasn’t just validation of the threat. It was validation of the solution space. And one company had already been building that solution for six months—and winning. The Defense Was Already Operational While Anthropic demonstrated AI could break smart contracts in simulation, AgentLISA had been defending them in production. By the time Anthropic’s paper dropped, AgentLISA’s multi-agent system had detected over $7.3 million in actual vulnerabilities across real protocols managing billions in assets. The asymmetry is critical: Anthropic proved the threat is real and AI-powered. AgentLISA proved the defense is real, AI-powered, and already operational at scale. This matters because Anthropic’s research exposed something fundamental: the AI security race will be won by whoever controls the training data. And AgentLISA just lapped the entire field. LISA-Bench: The Data Moat Nobody Saw Coming https://github.com/agentlisa/bench Anthropic’s team used SCONE-bench—a dataset of 413 vulnerable smart contracts—to train their attack models. Solid methodology, respectable work. But fundamentally constrained by data scarcity. AgentLISA’s response was devastating: LISA-Bench, containing 23,959 professionally verified vulnerability records spanning 2016-2024—the largest curated smart contract vulnerability dataset ever assembled. It’s not just 60 times larger than SCONE-bench. It includes 10,185 code-complete vulnerability cases…
PlaysOut
PLAY$0.0341+4.02%
Threshold
T$0.01097-1.17%
Sleepless AI
AI$0.04198-2.80%
Share
BitcoinEthereumNews2025/12/11 19:01

Trending News

More

‘Already seen the low?’ – Inside Cathie Wood’s bet on a new Bitcoin cycle

XRP Price Tumbles 3% As Fifth Ripple Token ETF Nears Launch

The Critical Security Play You Can’t Miss in the AI Era

Strategy Slams MSCI: 50% Crypto Ceiling ‘Discriminatory, Arbitrary, And Unworkable’

Edges higher ahead of BoC-Fed policy outcome

Quick Reads

More

Nine-Figure Net Worth: The New Milestone in Wealth Creation

Dogecoin (DOGE) Bullish Price Prediction

Dogecoin (DOGE) 7-day Price Change

BOB (BOB) Price Updates: Latest Market Movements and Cryptocurrency Trading Insights

BOB (Build on Bitcoin) (BOB) Real-Time Price and Market Analysis

Crypto Prices

mc_price_img_alt

Ethereum

ETH

$3,201.56
$3,201.56$3,201.56

-3.80%

mc_price_img_alt

Bitcoin

BTC

$90,112.86
$90,112.86$90,112.86

-2.11%

mc_price_img_alt

Solana

SOL

$131.28
$131.28$131.28

-3.59%

mc_price_img_alt

XRP

XRP

$2.0151
$2.0151$2.0151

-2.26%

mc_price_img_alt

DOGE

DOGE

$0.13805
$0.13805$0.13805

-4.89%