The attacker stole around $1.1 million of the cartoon frog-themed PEPE tokens, and another roughly $50,000 of the also cartoon frog-themed APU token.
Permit phisher steals almost $1.4 million in frog tokens
An attacker using the permit phishing technique stole $1.39 million in tokens from an unsuspecting holder. The victim unknowingly signed a "Permit2" signature — a function intended to make crypto transactions smoother and less expensive, but one that also makes it possible for malicious actors to completely drain crypto wallets.
Victim loses $11 million to permit phishing
A victim lost $11 million in Aave Ethereum (aEthMK) and Pendle USDe tokens after signing several permit phishing signatures. Permit phishing is a technique in which scammers convince a victim to sign a transaction that grants broad permissions, allowing the scammer to then drain assets from the wallets.
"The AI Protocol" burns tokens after holder suffers $4.3 million theft
Someone who held over 111.6 million ALI tokens from a project called The AI Protocol was phished by someone using a wallet drainer service using a permit phishing technique. The tokens were priced at around $4.3 million.
Blockchain sleuth zachxbt was able to coordinate with the project to organize a community governance vote to burn the stolen tokens before the attacker was able to cash out. Although this doesn't return the stolen funds to their original owner, it at least keeps the attacker from profiting.
NFT collector SOL Big Brain loses around $1.5 million to phishing scam
The NFT collector SOL Big Brain lost around $1.5 million in ETH, stablecoins, and the Gearbox token after being targeted in a phishing scam. The attacker apparently compromised a Telegram account belonging to a founder of a portfolio company, then used it to message SOL Big Brain to ask him to claim his vested tokens. SOL Big Brain double checked that the sender was indeed the founder of the company, and did as he was instructed.
However, the attacker had set up a contract which used permit phishing to drain SOL Big Brain's wallet. He lost $740,000 in stablecoins, $550,000 in ETH, and another $200,000 in the GEAR token.
"Today is a bad day," wrote SOL Big Brain on Twitter.
Individuals lose millions in "permit phishing" scams
Between March and April 2023, the Scam Sniffer organization has identified at least $7.7 million stolen by so-called "permit phishers". These attackers convince their victims to sign malicious crypto transactions that use the "permit" functionality, which allows the attackers to siphon funds from the crypto wallets. This type of attack has existed for over a year, but there have been some high-value instances of the attack lately.
On March 11, ScamSniffer tweeted that they had detected 162 instances of the scam, totaling almost $4 million stolen, over the prior two days. On March 24, an individual wallet lost $4 million. Similar attacks on April 19, April 21, and April 30 saw individual wallets lose $449,000, $1.04 million, and $2.28 million, respectively.