
After accepting fraudulent ‘permit’ and ‘increaseApproval’ requests, a holder of a cryptocurrency lost $209,816 in WBTC and tBTC. Blockchain investigation attributed the attack to multiple suspicious addresses. The attack highlights that phishing tactics are still evolving and use new token standards.
The victim, using wallet address 0x4a…a27f, approved requests from addresses later identified as 0x62…D0Ca, 0x72…1A1, and 0xaF1…8094. What appeared to be routine permission prompts were in fact disguised traps. By signing those messages, the user unknowingly granted smart contracts the authority to access their assets—even without directly executing a transfer.
This type of attack abuses ERC-20 features like “permit” and “increaseApproval,” which enable contracts to spend tokens once a signature is provided. Legitimate decentralized finance (DeFi) protocols use these features, but attackers are increasingly weaponizing them to drain wallets. Security investigators warn users to scrutinize any signature request before approving it.
According to recent reporting, phishing remains one of the most significant sources of crypto losses in 2025. Chainalysis data show that attacks on personal wallets now make up a growing share of all thefts. Meanwhile, common vulnerabilities like malicious wallet approvals, spoofed websites, and counterfeit customer support still make up most of the recoverable losses.
In addition, Scam Sniffer’s September 2025 report recorded $11.78 million in total phishing losses across 15,513 victims. Although total losses fell slightly compared to August, the number of targeted users increased. The largest single theft that month amounted to about $6.5 million, also resulting from fake “permit” signatures.
Security firms now warn users to adopt best practices: avoid impulsively approving unknown contracts, use permission revocation tools, and separate wallets for interaction and storage. Researchers are also exploring automated defenses: new static-analysis frameworks, such as ScamDetect, can flag potentially harmful smart contracts with approximately 90% accuracy before users interact with them.
Users can lower their risk by maintaining strict “signing hygiene.” Always verify the contract address, the function being approved, and the permission limits before signing. Use tools (e.g., approval revokers) to eliminate unused or excessive allowances.
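As an added illustration (not from the original article or any wallet's own code), the JavaScript below applies those three checks to a signing request: it reads an EIP-2612 `Permit` typed-data message or ERC-20 allowance calldata and reports the token, spender, amount and any warnings. The function names, sample addresses, allowlist and one-day deadline threshold are assumptions made for the example, and the permit branch assumes the standard EIP-2612 field layout.

```javascript
// Added example: report what a signing request would authorise.
// Addresses, allowlist and thresholds are constructed for illustration.
const MAX_UINT256 = (1n << 256n) - 1n;
// First 4 bytes of calldata for ERC-20 calls that raise an allowance.
const ALLOWANCE_CALLS = {
  "0x095ea7b3": "approve",
  "0x39509351": "increaseAllowance",
  "0xd73dd623": "increaseApproval",
};
// Extract token, spender and amount from an EIP-712 Permit or a raw transaction.
function describeRequest(req) {
  if (req.primaryType === "Permit") {
    const m = req.message;
    return { fn: "permit", token: req.domain.verifyingContract, spender: m.spender,
             amount: BigInt(m.value), deadline: BigInt(m.deadline) };
  }
  const data = (req.data || "").toLowerCase();
  const fn = ALLOWANCE_CALLS[data.slice(0, 10)];
  if (!fn || data.length < 138) return null; // not a well-formed allowance call
  return { fn, token: req.to, spender: "0x" + data.slice(34, 74),
           amount: BigInt("0x" + data.slice(74, 138)) };
}

// Check the spender address, the function and the permission limit.
function reviewRequest(req, trustedSpenders, nowSec) {
  const d = describeRequest(req);
  if (!d) return { grantsAllowance: false, warnings: [] };
  const warnings = [];
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  if (!trusted.includes(d.spender.toLowerCase()))
    warnings.push(`spender ${d.spender} is not on the allowlist`);
  if (d.amount >= MAX_UINT256 / 2n) warnings.push("amount is effectively unlimited");
  if (d.deadline !== undefined && d.deadline - BigInt(nowSec) > 86400n)
    warnings.push("permit stays valid for more than a day");
  return { grantsAllowance: true, ...d, warnings };
}

// Constructed sample: off-chain permit with an unlimited value.
const SAMPLE_PERMIT = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", chainId: 1, verifyingContract: "0x" + "11".repeat(20) },
  message: { owner: "0x" + "aa".repeat(20), spender: "0x" + "bb".repeat(20),
             value: MAX_UINT256.toString(), nonce: "0", deadline: "4102444800" },
};
// Constructed sample: increaseApproval(spender, 500) sent to the token contract.
const SAMPLE_TX = {
  to: "0x" + "11".repeat(20),
  data: "0xd73dd623" + "bb".repeat(20).padStart(64, "0") + (500n).toString(16).padStart(64, "0"),
};
```

Calling `reviewRequest(SAMPLE_PERMIT, [], Math.floor(Date.now() / 1000))` returns the decoded request together with its `warnings` array; an empty array means none of the three checks fired, not that the request is safe.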
Splitting assets into separate wallets can be beneficial: one for everyday transactions and another for long-term storage. Also, limit browser extension use and avoid performing sensitive tasks on devices with heavy background activity.
Furthermore, crypto community groups and security alliances are developing shared blocklists and early warning systems for malicious dApps. Nevertheless, individual vigilance remains essential in a landscape where attackers continually improve their deception techniques.