Unlucky crypto user loses over $1 million in a phishing attack

According to multiple reports, one crypto user lost approximately $1.08 million worth of Aave-wrapped Ethereum LBTC (aEthLBTC), which is a tokenized Bitcoin asset on the Aave protocol, in what is likely a phishing exploit. According to ScamSniffer, the user in question had signed a malicious “permit” signature, which was what led to the theft. That signature was an off-chain approval mechanism, and it allegedly allows tokens to be spent without triggering an immediate on-chain transaction. ScamSniffer shared screenshots of the transactions. As to how the victim was susceptible to the exploit, they believe the scammers would have gotten the victim to sign the permit via a phishing site or cloned dApp, giving them access to drain the wallet. How did the scam happen? SlowMist’s founder, Cosine, commented on the haul, pointing out that the specific phishing group behind the attack is not one of the “mainstream” drainer groups, which suggests...

https://www.cryptopolitan.com/phishing-victim-loses-1-08m-malicious-permit/