{"id":79618,"date":"2024-05-27T12:44:36","date_gmt":"2024-05-27T16:44:36","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=79618"},"modified":"2024-05-27T12:44:40","modified_gmt":"2024-05-27T16:44:40","slug":"ethereum-re-staking-exploit-victim-gets-funds-back","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/ethereum-re-staking-exploit-victim-gets-funds-back\/","title":{"rendered":"Ethereum Re-staking Exploit Victim Gets Funds Back"},"content":{"rendered":"\n

On May 26, an unlucky victim lost 1,807 liquid staked Ethers<\/a> valued at $6.91 million. The hacker has returned a substantial portion of the stolen funds.\u00a0<\/p>\n\n\n\n

\"Ethereum
Ethereum Re-staking Exploit Victim Gets Funds Back<\/figcaption><\/figure>\n\n\n\n

Yu Xian, co-founder of blockchain analytics firm SlowMist, wrote, “Yesterday, the old phishing group Inferno Drainer used the permit offline authorization signature to phish away nearly US$7 million in ETH ETH-pledged assets from a user.” “They received a refund today, which is extremely uncommon.” <\/p>\n\n\n\n

Scam Sniffer reported on X, the same day that the victim recovered 1,445 Ether, or 80%, of the stolen funds after the con artists purportedly retained a 20% bounty. <\/p>\n\n\n\n

Permit phishing is a malicious attack in which a malicious actor generates an authentic off-chain authorization signature for the designated recipient to transfer ERC-20 tokens<\/a> from a wallet that is not theirs. Analysts assert that the wallet address associated with the breach was the target of this breach.\u00a0<\/p>\n\n\n\n

\"The
The victim allegedly lost $7 million from a permit phishing attack. Source: Scam Sniffer<\/figcaption><\/figure>\n\n\n\n

EIP-2612, according to SlowMist, introduced a neglected feature in Ethereum permits that renders the attack executable. The EIP permits users to engage with smart contracts without prior approval by including a digital signature as authorization. <\/p>\n\n\n\n

Nevertheless, regardless of ownership, the permit function remains executable from any account. Therefore, if users had previously compromised their wallet signatures on phishing websites, fraudsters could still siphon tokens from their wallets using the permit exploit, even if they did not approve of any transactions. <\/p>\n\n\n\n

To mitigate the risk of such attacks, SlowMist proposed: <\/p>\n\n\n\n

\n

“It is recommended to periodically use authorization tools like RevokeCash (https:\/\/revoke.cash\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a>) to identify any abnormal authorizations. For Uniswap Permit2, the authorization management tool at https:\/\/app.scamsniffer.io\/permit2 can be utilized for verification. If any irregular authorizations are detected, it is crucial to promptly revoke them.”<\/em><\/p>\n<\/blockquote>\n\n\n\n

However, not everyone felt compassion for the victim in this particular incident. <\/p>\n\n\n\n

“How did you fall victim to phishing last year for $638,000 and again this year for $698,000?” “A few individuals are simply irresponsible with their assets,” remarked renowned DeFi investigator ZachXBT. <\/p>\n\n\n\n

Cointelegraph reported in March that schemes involving cryptocurrencies have increased by 53% over the past year. The Federal Bureau of Investigation (FBI) reported that investment fraud associated with cryptocurrencies constituted 86% of the total investment losses reported globally in 2023. <\/p>\n","protected":false},"excerpt":{"rendered":"

On May 26, an unlucky victim lost 1,807 liquid staked Ethers valued at $6.91 million. The hacker has returned a substantial portion of the stolen funds.\u00a0 Yu Xian, co-founder of blockchain analytics firm SlowMist, wrote, “Yesterday, the old phishing group Inferno Drainer used the permit offline authorization signature to phish away nearly US$7 million in […]<\/p>\n","protected":false},"author":12,"featured_media":79627,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[6921,19737,2118],"class_list":["post-79618","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-exploits","tag-ethereum-re-staking","tag-hacker"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2024\/05\/image-74.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/79618","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=79618"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/79618\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/79627"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=79618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=79618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=79618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}