How to Stay Safe from Phishing Scams As DeFi User Loses $35M

Bitget App

Trade smarter

Bitget

News

DailyCoin2024/10/12 14:03

By:DailyCoin

Phishing scam targets a DeFi user.
$35M in fwDETH stolen.
Rapid sales caused dETH to crash.

The decentralized finance (DeFi) sector is offering a new way to trade without intermediaries. However, this approach also brings serious risks, as seen with the rise of hacks and scams.

Phishing Scam Costs User $35M

On Friday, October 11, on-chain data revealed one of the largest losses in DeFi due to phishing scams. After approving a fraudulent permit signature, a DeFi user lost 15,079 fwDETH tokens, worth $35 million.

🚨 5 hours ago, someone lost 15,079 fwDETH($35M) after signing a "permit" phishing signature.💸 pic.twitter.com/YG6KlgWMtv
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 11, 2024

According to online investigators, the phishing attack used the permit signature function. This feature, used to make token transfers easier, also allows attackers to drain user wallets.

TL;DR: An unknown suspicious address obtained tens of thousands of fwdETH through the permit method and sold them, causing the price of dETH to plummet rapidly, leading to attacks on protocols like PAC Finance and Orbit Finance. https://t.co/FwsGhSfs0q @RingProtocol …
— roffett.eth (@roffett_eth) October 11, 2024

The stolen tokens were quickly sold on decentralized exchanges. The resulting volume and selling pressure even caused major declines in dETH price on DeFi platforms PAC Finance and Orbit Finance.

How To Stay Safe From Phishing

To stay safe from phishing scams, users should follow several important practices that keep their funds safe.

Double-Check Permissions: Before signing any signature approvals, carefully check the details of the transaction. Phishing attacks exploit the tendency for users to trust signature approvals online. In DeFi, the risk of these approvals is very high.

Use Reputable Wallets: Many wallets come with built-in security features that help prevent common scams and exploits.

Enable Multi-Factor Authentication (MFA): MFA adds an additional layer of security to transactions. When it is enabled, even if an attacker tricks a user into signing, they still have to pass additional security checks.

Safe Browsing and Email Use: Do not respond to unsolicited emails. This is especially important for emails that encourage users to click links. Also always check the sender’s email, to weed out emails posing as legitimate entities.

On the Flipside

In June, Slowmist raised an alarm over the escalating number of phishing attacks on TON.
Cybercriminals are becoming more sophisticated with their scams. In February, Lookout revealed an advanced phishing kit for targeting exchanges.

Why This Matters

The $35M DeFi phishing attack illustrates the vulnerability of the DeFi space to malicious actors. It also highlights the need for due diligence from users.

Read more about phishing scams:
324,000 Crypto Investors Fell Prey to Phishing Scams in 2023

Read more about Bitget targeting other types of scams:
Bitget Tightens Token Listing Rules to Fight Exit Scams, Rug Pulls

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops

Lock your assets and earn 10%+ APR

Lock now!