A recent phishing scam has hammered a cryptocurrency venture capital fund, and over $36 million worth of wrapped Ether tokens have been stolen. Blockchain Monitoring platform Lookonchain stated that the attack occurred on October 11 and targeted 15,079 fwDETH tokens belonging to Continue Capital. The attackers utilized a fake "permit" signature for the transaction to make it through and take the funds from the victim's wallet.
This attack takes advantage of the signature mechanism, designed to make the process flow easily by allowing users to approve transactions without necessarily dealing directly with the tokens. In this case, the attackers deceitfully acquire the system into providing a signature for a transaction that sends the fwDETH tokens to the criminals, who promptly sell them, decreasing the token value.
The fast trading and resale of the fwDETH tokens also impacted the direct victims and the entire DeFi industry. After the incident, fwDETH lost about 95+ % of its value in its trading pair with fwWETH before experiencing a slight recovery to be down by 40%. This sudden move led to uncertainty in all DeFi protocols that engaged with fwDETH liquidity, including PAC Finance and Orbit Finance. However, the extent of the event's effect on these protocols is still unclear.
Decentralized finance is still quite exposed to such trickery, owing to the use of digital signatures and the sophistication of phishing campaigns that might as well look like regular requests for transactions or permissions. This situation shows that the issue of increasing the level of security and increasing users' awareness of cryptocurrencies is increasingly urgent.
CertiK reveals that phishing scams lost $127 million in the third quarter of 2024 alone, bringing the total to more than $753 million. This is just the third quarter of the year. These attacks often involve tricking users into signing malicious contracts or connecting their wallets to fake sites so they can bleed funds away with almost no notice.
In addition, a recent report revealed that the crypto sector is the second most attacked industry in the world for identity fraud, with nearly 29 percent of all fraud attempts. This is an important trend to which both retail and institutional investors are exposed; this exposure indicates a major risk and is indicative of why digital assets require advanced security protocols and ongoing vigilance in the digital asset environment.