Bitcoin 
Ethereum 
Tether 
BNB 
XRP 
Wrapped SOL 
USDC 
Lido Staked Ether 
TRON 
Dogecoin 
Cardano 
Wrapped stETH 
Wrapped Bitcoin 
Wrapped Beacon ETH 
Hyperliquid 
Chainlink 
Bitcoin Cash 
Wrapped eETH 
Ethena USDe 
Stellar 
USDS 
Binance Bridged USDT (BNB Smart Chain) 
LEO Token 
WETH 
Hedera 
Sui 
Avalanche 
Coinbase Wrapped BTC 
Litecoin 
USDT0 
WhiteBIT Coin 
Monero 
Shiba Inu 
Zcash 
Toncoin 
Cronos 
Ethena Staked USDe 
Dai 
Mantle 
Polkadot 
MemeCore 
Bittensor 
World Liberty Financial 
Uniswap 
sUSDS 
Aave 
Bitget Token 
Figure Heloc 
OKB 
USD1 
A crypto whale lost more than $6 million in staked Ethereum (stETH) and Aave-wrapped Bitcoin (aEthWBTC) after approving malicious signatures in a phishing scheme on Sept. 18, according to blockchain security firm Scam Sniffer.
According to the firm, the attackers disguised their move as a routine wallet confirmation through “Permit” signatures, which tricked the victim into authorizing fund transfers without triggering obvious red flags.
Yu Xian, founder of blockchain security company SlowMist, noted that the victim did not recognize the danger because the transaction required no gas fees. He wrote:
“From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.”
How Permit exploits work
Permit approvals were originally designed to simplify token transfers. Instead of submitting an on-chain approval and paying fees, a user can sign an off-chain message authorizing a spender.
That efficiency, however, has created a new attack surface for malicious players.
Once a user signs such a permit, attackers can combine two functions—Permit and TransferFrom—to drain assets directly. Because the authorization takes place off-chain, wallet dashboards show no unusual activity until the funds move.
As a result, the assets are gone when the approval executes on-chain, and tokens are redirected to the attacker’s wallet.
This loophole has made permit exploits increasingly attractive for malicious actors, who can siphon millions without needing complex hacks or high-cost gas wars.
Phishing losses
The latest theft highlights a wider trend of escalating phishing campaigns.
Scam Sniffer reported that in August alone, attackers stole $12.17 million from more than 15,200 victims. That figure represented a 72% jump in losses compared with July.
According to the firm, the most significant share of August’s damages came from three large accounts that accounted for nearly half of the total. This included one wallet that lost $3.08 million in a single exploit.
Meanwhile, the firm attributed the surge in losses to a rise in EIP-7702 batch-signature scams and direct transfers to malicious contracts.
Considering this, security experts have urged crypto users to be cautious when interacting with wallet requests and refuse demands that grant unlimited permissions to their wallets.
