How to Stay Safe from Phishing Scams as DeFi User Loses $35M

A $35M DeFi phishing attack through a permit signature exploit disrupted the market, impacting dETH prices on multiple protocols.

by . Fact checked by: Ciaran Lawler, Editor: Stefan Trapp
Published:
Girl freaking out looking at her laptop with cartoonish like hands sticking out of it.
Created by Gabor Kovacs from DailyCoin
Google News Follow Button
  • Phishing scam targets a DeFi user.
  • $35M in fwDETH stolen. 
  • Rapid sales caused dETH to crash. 

The decentralized finance (DeFi) sector offers a new way to trade without intermediaries. However, this approach also carries serious risks, as seen with the rise of hacks and scams. 

Sponsored

A recent phishing attack cost one user $35 million, showcasing the vulnerabilities in the DeFi ecosystem. Hereโ€™s what went wrong. 

Phishing Scam Costs User $35M

On Friday, October 11, on-chain data revealed one of the largest losses in DeFi due to phishing scams. After approving a fraudulent permit signature, a DeFi user lost 15,079 fwDETH tokens worth $35 million. 

According to online investigators, the phishing attack used the permit signature function. This feature, which makes token transfers easier, also allows attackers to drain user wallets. 

The stolen tokens were quickly sold on decentralized exchanges. The resulting volume and selling pressure even caused major declines in dETH price on DeFi platforms PAC Finance and Orbit Finance. 

How To Stay Safe From Phishing

To stay safe from phishing scams, users should follow several important practices that keep their funds safe. 

  • Double-Check Permissions: Carefully check the transaction details before signing any signature approvals. Phishing attacks exploit users’ tendency to trust signature approvals online. In DeFi, the risk of these approvals is very high. 
  • Use Reputable Wallets: Many wallets have built-in security features that help prevent common scams and exploits. 
  • Enable Multi-Factor Authentication (MFA): MFA adds an additional layer of security to transactions. When it is enabled, even if an attacker tricks a user into signing, the user still has to pass additional security checks. 
  • Safe Browsing and Email Use: Do not respond to unsolicited emails. This is especially important for emails that encourage users to click links. Also, always check the sender’s email to weed out emails posing as legitimate entities.ย 

On the Flipside

  • In June, Slowmist raised an alarm over the escalating number of phishing attacks on TON. 
  • Cybercriminals are becoming more sophisticated with their scams. In February, Lookout revealed an advanced phishing kit for targeting exchanges. 

Why This Matters

The $35M DeFi phishing attack illustrates the vulnerability of the DeFi space to malicious actors and highlights the need for users to exercise due diligence. 

Read more about phishing scams:ย 
324,000 Crypto Investors Fell Prey to Phishing Scams in 2023

Read more about Bitget targeting other types of scams:ย 
Bitget Tightens Token Listing Rules to Fight Exit Scams, Rug Pulls

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Tags
Author
David Marsanic
David Marsanic

David Marsanic is DailyCoinโ€™s journalist, focusing on Solana and crypto exchanges. David currently doesnโ€™t hold any crypto.

Read more