A recent phishing attack on a crypto venture capital (VC) fund led to the loss of over $36 million in wrapped Ethereum tokens (fwDETH).

According to a report by blockchain monitoring platform Lookonchain, the incident occurred on October 11. The attackers used a fraudulent “permit” signature to facilitate the transaction.

This attack involved 15,079 fwDETH tokens and is believed to have affected an entity linked to Continue Capital, a well-known crypto VC fund.

The attackers exploited a common signature mechanism, deceiving the victim into signing a transaction that allowed the immediate transfer of funds.

Phishing attacks in the crypto space are among the most common, evolving into highly deceptive schemes often disguised as legitimate transactions.

In this case, the attackers used a malicious “permit” signature, which allows users to authorize transactions without directly engaging with their assets. While designed to streamline processes, these signatures can be misused when users unknowingly approve unauthorized transactions.
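
The kind of check a wallet or signing policy can run before a permit is signed, as an added example that is not part of the original article or any project's code. It assumes the request uses the EIP-2612 `Permit` typed-data fields (`owner`, `spender`, `value`, `nonce`, `deadline`); `KNOWN_SPENDERS`, the finding labels and the sample request are hypothetical and constructed.

```javascript
// Added example: review an EIP-712 signing request before the wallet signs it.
const MAX_UINT256 = (1n << 256n) - 1n;
const ONE_HOUR = 3600n;
// Hypothetical allowlist of spender contracts the user already trusts.
const KNOWN_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

// Parse decimal or 0x-hex integers; null when the field is absent or malformed.
function toBigInt(v) {
  try { return BigInt(v); } catch { return null; }
}

function reviewTypedData(request, nowSeconds) {
  const { primaryType = "", domain = {}, message = {} } = request;
  // Ordinary typed-data requests (logins, orders) are out of scope here.
  if (!primaryType.startsWith("Permit")) return { isPermit: false, findings: [] };
  const findings = [];
  // Other "Permit*" types use different fields, so they need manual review.
  if (primaryType !== "Permit") findings.push("permit-variant-review-manually");
  const spender = String(message.spender || "").toLowerCase();
  const value = toBigInt(message.value);
  const deadline = toBigInt(message.deadline);
  if (!KNOWN_SPENDERS.has(spender)) findings.push("unknown-spender");
  if (value === null) findings.push("unreadable-value");
  else if (value === MAX_UINT256) findings.push("unlimited-allowance");
  if (deadline === null || deadline - BigInt(nowSeconds) > ONE_HOUR) {
    findings.push("long-or-missing-deadline");
  }
  // token is the contract whose allowance the signature would change.
  return { isPermit: true, token: domain.verifyingContract, spender, value, findings };
}

// Constructed sample request and clock value, not data from the incident.
const NOW = 1728600000;
const sampleRequest = {
  primaryType: "Permit",
  domain: { name: "Example Token", verifyingContract: "0x2222222222222222222222222222222222222222" },
  message: {
    owner: "0x3333333333333333333333333333333333333333",
    spender: "0x4444444444444444444444444444444444444444",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "1893456000",
  },
};
console.log(reviewTypedData(sampleRequest, NOW).findings);
```

A request that produces any finding should be shown to the user as a token approval, with the spender and amount spelled out, rather than as an opaque signature prompt.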

Blockchain data reveals that the victim’s wallet, associated with Continue Capital, unknowingly granted permission for transferring 15,079 fwDETH tokens on the Blast chain.

The stolen funds were swiftly moved to an address controlled by the hacker, identified as 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec, who quickly sold the tokens, causing fwDETH prices to plummet by over 95% before partially recovering.

The rapid transfer and sale caused ripple effects across decentralized finance (DeFi) protocols reliant on fwDETH liquidity, including PAC Finance and Orbit Finance. Although the full impact on these protocols is unclear, analysts note that the massive sell-off worsened liquidity issues, driving down token prices and potentially affecting other fwDETH holders.

The $36 million phishing attack is among the largest recent incidents involving a “permit” phishing signature, reflecting a trend of increasingly sophisticated phishing scams targeting the crypto market.

Similar attacks have led to significant losses for other investors. In September, another victim lost $32.4 million in spWETH tokens in a phishing attack.

Inferno Drainer, which creates fake versions of popular DeFi apps to trick users into signing transactions that transfer control of their wallets, was responsible for over $215 million in theft from 200,000 victims. It resurfaced in 2024 after being shut down in late 2023.

Another crypto whale lost about $55.4 million in Dai stablecoins in a phishing attack in August.

The rise in phishing incidents is part of a broader trend of increasing crypto scams. In Q3 of 2024 alone, $753 million was lost to various forms of fraud, including $127 million in phishing scams, according to cybersecurity firm CertiK.

These attacks often involve tricking users into signing fraudulent contracts or linking wallets to malicious websites, allowing hackers to drain funds with minimal user awareness or authentication.

A recent report showed that in Q2 2024, the crypto industry was the second most targeted sector for identity fraud, accounting for nearly 29% of global fraud attempts. Scammers are increasingly exploiting vulnerabilities to target both retail investors and institutional players.
