Crypto VC Fund Suffers $36M Phishing Attack By Signing Permit: Report

A recent phishing attack targeting a crypto venture capital (VC) fund has resulted in the loss of over $36M worth of wrapped Ethereum tokens (fwDETH).

According to a report by blockchain monitoring platform Lookonchain, the phishing incident took place on October 11, with the malicious transaction being facilitated by a fraudulent “permit” signature.

This attack, involving 15,079 fwDETH tokens, is believed to have impacted an entity linked to Continue Capital, a prominent crypto VC fund.

The malicious actors exploited a commonly used signature mechanism, which involved tricking the victim into signing a transaction that allowed the immediate siphoning of funds.

Phishing Attack Costs VC Fund $36M in Wrapped Ethereum: Is Your Crypto Safe?

Phishing attacks in the cryptocurrency space are one of the most used forms of attack , and they have evolved into highly deceptive schemes, often disguised as legitimate transactions.

In this case, the attackers used a malicious “permit” signature, a mechanism that allows users to sign off on transactions without directly interacting with their assets.

While such signatures are designed to streamline operations, they are vulnerable to abuse when users unknowingly approve unauthorized transactions.

Blockchain data indicates that the victim’s wallet address, linked to Continue Capital, unknowingly granted permission for the transfer of 15,079 fwDETH tokens on the Blast chain.

The stolen funds were quickly moved to an address controlled by the hacker, identified as 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec, who swiftly offloaded the tokens, causing fwDETH prices to drop by over 95% before partially recovering.

The rapid transfer and sale of the stolen funds caused ripple effects across decentralized finance (DeFi) protocols dependent on fwDETH liquidity, including PAC Finance and Orbit Finance.

Though the full extent of the damage to these protocols remains unclear, analysts note that the massive sell-off exacerbated liquidity issues, driving down token prices and potentially impacting other investors who held fwDETH.

Wider Impact and Growing Phishing Threat in Crypto

The $36 million phishing attack is one of the largest recent incidents involving a “permit” phishing signature and follows a pattern of increasingly sophisticated phishing scams targeting the cryptocurrency market.

Similar phishing attacks have resulted in significant losses for other investors, with a notable case in September where another victim lost $32.4 million worth of spWETH tokens in a phishing attack.

However, in the case of this whale, the stolen assets, tied to the decentralized finance protocol Spark, involved 12,083 wrapped ether tokens (spWETH).

Inferno Drainer creates fake versions of popular DeFi apps, tricking users into signing transactions that transfer control of their wallets.

The tool, responsible for stealing over $215 million from 200,000 victims, resurfaced in 2024 after being shut down in late 2023.

Similarly, another crypto whale lost approximately $55.4 million worth of Dai stablecoins in a phishing attack in August.

The rise in phishing incidents comes amid a broader trend of escalating crypto scams.

According to cybersecurity firm CertiK, Q3 of 2024 alone saw over $753 million lost to various forms of fraud, including $127 million in phishing scams.

These attacks often involve tricking users into signing fraudulent contracts or linking their wallets to malicious websites, enabling hackers to drain funds with minimal user awareness or authentication.

Similarly, a recent report also showed that in Q2 2024, the crypto industry was the second most targeted sector for identity fraud, accounting for nearly 29% of global fraud attempts.

Scammers are increasingly exploiting all forms of vulnerabilities to target both retail investors and institutional players.