
DeFi’s ‘Permit’ Function Exploited in $6 Million Phishing and Money Laundering Incident

Bitget-RWA 2025/09/19 18:14
By: Coin World
- A $6.28M phishing attack exploited DeFi Permit signature flaws, draining stETH/aEthWBTC tokens via malicious wallet pop-ups.
- Attackers used Drainer Networks and multi-chain transfers to launder funds across Ethereum, Bitcoin, and TRON within hours.
- The incident highlights DeFi's vulnerability to zero-gas-fee exploits and underscores urgent need for smart contract audits and user education.
- Similar attacks increased 72% in August 2025, with phishing schemes leveraging EIP-7702 batch-signature vulner

On September 18, 2025, a phishing scheme led to the loss of $6.28 million worth of staked Ethereum (stETH) and Aave-wrapped (aEthWBTC) tokens. The stolen funds were quickly funneled through various blockchain networks. According to blockchain security company Scam Sniffer, which broke the story on X as @realScamSniffer, this case demonstrates how cybercriminals are employing increasingly advanced tactics to exploit weaknesses in decentralized finance (DeFi) platforms ("Phishing Heist Steals $6M in stETH & aEthWBTC, Laundered Fast" [1]). The perpetrator, using the wallet address 0x1623…9aC9, used a Drainer Network to launder the assets, swapped the tokens into and transferred them across chains using the Bridgers protocol shortly after the theft occurred [1]. The laundered cryptocurrency was then split among Bitcoin and TRON wallets, including a Bitcoin address starting with bc1q and a TRON address labeled TEuR8R [1].

The attacker took advantage of a flaw within the "Permit" signature feature, which is meant to make token transfers easier by letting users sign off-chain transaction requests without needing fees. As Yu Xian, the founder of SlowMist, explained, the victim was tricked into approving malicious permits through routine wallet notifications, giving the attacker access without setting off immediate alarms ("Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum" [2]). Since the transaction didn’t require gas fees, it initially appeared harmless, allowing the $6.28 million transfer to go unnoticed until after the fact [2]. Scam Sniffer pointed out that the thief combined the Permit and TransferFrom functions, thereby sidestepping traditional on-chain approval checks and concealing the outflow until the funds had already been moved [2].
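
A wallet-side check for the kind of signing request described above, as an added example that is not from the article, Scam Sniffer or SlowMist. It assumes the request uses the EIP-2612 Permit field layout (owner, spender, value, nonce, deadline); the addresses, the trusted-spender list and the one-hour deadline policy are constructed for illustration.

```javascript
// Added example: triage of an eth_signTypedData_v4 payload before the user signs.
// Field names follow the EIP-2612 Permit struct; addresses and thresholds are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_DEADLINE_WINDOW = 3600n; // hypothetical policy: one hour, in seconds
const TRUSTED_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

function reviewSigningRequest(typedData, nowSeconds, trusted = TRUSTED_SPENDERS) {
  const data = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  // Only Permit requests grant a token allowance; everything else passes through.
  if (data.primaryType !== "Permit") return { isPermit: false, warnings: [] };

  const { owner, spender, value, deadline } = data.message;
  const token = data.domain.verifyingContract;
  const amount = BigInt(value);
  const warnings = [];
  if (!trusted.has(String(spender).toLowerCase())) {
    warnings.push("spender is not a contract you have trusted");
  }
  if (amount === MAX_UINT256) warnings.push("allowance is unlimited");
  if (BigInt(deadline) - BigInt(nowSeconds) > MAX_DEADLINE_WINDOW) {
    warnings.push("signature stays valid for more than one hour");
  }
  // Plain-language summary: the signature costs no gas but is a spending approval.
  const shown = amount === MAX_UINT256 ? "ALL" : amount.toString();
  const summary = `Signing lets ${spender} spend ${shown} units of token ${token} ` +
    `held by ${owner}; no transaction from you is required.`;
  return { isPermit: true, token, owner, spender, amount, warnings, summary };
}

// Constructed sample: an unlimited, long-lived Permit to an unknown spender.
const NOW = 1758200000; // constructed timestamp (seconds)
const suspiciousRequest = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" },
  message: { owner: "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
             spender: "0xcccccccccccccccccccccccccccccccccccccccc",
             value: MAX_UINT256.toString(), nonce: "0",
             deadline: String(NOW + 10 * 365 * 24 * 3600) },
};
// Constructed benign counterpart: trusted spender, bounded amount, short deadline.
const boundedRequest = { ...suspiciousRequest, message: { ...suspiciousRequest.message,
  spender: "0x1111111111111111111111111111111111111111",
  value: "1000000", deadline: String(NOW + 600) } };

const result = reviewSigningRequest(suspiciousRequest, NOW);
console.log(result.summary);
result.warnings.forEach((w) => console.log("WARNING:", w));
```

The point of the summary line is that a Permit signature is shown to the user as a spending approval rather than as an opaque, fee-free message.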

The laundering process used sophisticated techniques to spread funds across multiple chains. Roughly 753 stETH and 123 ETH were bridged to Ethereum, while 71 ETH ended up on the NEAR protocol. One fee wallet from the Drainer Network sent 312.8 ETH to a concealed address, further complicating the money trail ("Phishing Heist Steals $6M in stETH & aEthWBTC, Laundered Fast" [1]). All these movements happened rapidly, within a few hours, illustrating how efficiently modern laundering operations can hide the origins of stolen funds across different blockchains. This case reflects a larger pattern: Scam Sniffer documented $12.17 million in phishing losses in August 2025, a 72% jump from July, with three major accounts comprising nearly half that total, including one theft of $3.08 million ("Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum" [2]).

Experts attribute the rise in phishing thefts to a wave of EIP-7702 batch-signature exploits and direct transfers to rogue contracts ("Crypto whale loses $6M to sneaky phishing scheme targeting staked Ethereum" [2]). This incident should warn crypto holders to be wary of granting permissions to unknown sources and interacting with suspicious smart contracts. Recommended precautions include using hardware wallets, enabling multi-factor authentication, and monitoring wallet permissions for irregularities ("Phishing Heist Steals $6M in stETH & aEthWBTC, Laundered Fast" [1]). For developers, it’s vital to carry out thorough smart contract reviews and adopt multiple security layers to reduce risks ("$6.2M Gone Overnight: New Phishing Attack Shakes Crypto …" [3]).

This attack also underscores a fundamental problem for DeFi: the absence of centralized authorities makes it virtually impossible to compensate victims after a theft. Unlike conventional banking, many DeFi projects can’t reverse fraudulent transactions or restore lost assets, exposing users to permanent losses ("$6.2M Gone Overnight: New Phishing Attack Shakes Crypto …" [3]). The event follows a separate $2.59 million hack targeting the Nemo Protocol in September 2025, further illustrating the inherent dangers in decentralized systems [3]. As phishing tactics become more sophisticated, the crypto sector must find ways to innovate while strengthening security to restore user confidence and guard against widespread loss of trust.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.