Crypto VC Fund Suffers $36M Phishing Attack By Signing Permit: Report
phishing attack
VC Funding
A cryptocurrency venture capital fund has lost over $36 million in a phishing attack involving a fraudulent permit signature, with the victim linked to an entity from Continue Capital.
Last updated:
October 11, 2024 06:42 EDT
Journalist
Hassan Shittu
Journalist
Hassan Shittu
About Author
Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in…
Author Profile
Share
Copied
Last updated:
October 11, 2024 06:42 EDT
Why Trust Cryptonews
With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict
editorial standards
, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets.
Read more about Cryptonews
A recent phishing attack targeting a crypto venture capital (VC) fund has resulted in the loss of over $36M worth of wrapped Ethereum tokens (fwDETH).
According to a
report
by blockchain monitoring platform Lookonchain, the phishing incident took place on October 11, with the malicious transaction being facilitated by a fraudulent “permit” signature.
This attack, involving 15,079 fwDETH tokens, is believed to have impacted an entity linked to Continue Capital, a prominent crypto VC fund.
The malicious actors exploited a commonly used signature mechanism, which involved tricking the victim into signing a transaction that allowed the immediate siphoning of funds.
Phishing Attack Costs VC Fund $36M in Wrapped Ethereum: Is Your Crypto Safe?
Phishing attacks in the cryptocurrency space are one of the
most used forms of attack
, and they have evolved into highly deceptive schemes, often disguised as legitimate transactions.
In this case, the attackers used a malicious “permit” signature, a mechanism that allows users to sign off on transactions without directly interacting with their assets.
While such signatures are designed to streamline operations, they are vulnerable to abuse when users unknowingly approve unauthorized transactions.
Blockchain data
indicates that the victim’s wallet address, linked to Continue Capital, unknowingly granted permission for the transfer of 15,079 fwDETH tokens on the Blast chain.
The stolen funds were quickly moved to an address controlled by the hacker, identified as
0x0605edee6a8b8b553cae09abe83b2ebeb75516ec
, who swiftly offloaded the tokens, causing fwDETH prices to drop by over 95% before partially recovering.
The rapid transfer and sale of the stolen funds caused ripple effects across decentralized finance (DeFi) protocols dependent on fwDETH liquidity, including PAC Finance and Orbit Finance.
Though the full extent of the damage to these protocols remains unclear, analysts note that the massive sell-off exacerbated liquidity issues, driving down token prices and potentially impacting other investors who held fwDETH.
Wider Impact and Growing Phishing Threat in Crypto
The $36 million phishing attack is one of the largest recent incidents involving a “permit” phishing signature and follows a pattern of increasingly sophisticated phishing scams targeting the cryptocurrency market.
Similar phishing attacks have resulted in significant losses for other investors, with a notable case in September where another victim
lost $32.4 million worth of spWETH tokens
in a phishing attack.
However, in the case of this whale, the stolen assets, tied to the decentralized finance protocol Spark, involved 12,083 wrapped ether tokens (spWETH).
Inferno Drainer creates fake versions of popular DeFi apps, tricking users into signing transactions that transfer control of their wallets.
The tool, responsible for stealing over $215 million from 200,000 victims, resurfaced in 2024 after being shut down in late 2023.
Similarly, another crypto whale
lost approximately $55.4 million worth of Dai stablecoins
in a phishing attack in August.
The rise in phishing incidents comes amid a broader trend of escalating crypto scams.
According to cybersecurity firm CertiK,
Q3 of 2024 alone saw over $753 million lost
to various forms of fraud, including $127 million in phishing scams.
These attacks often involve tricking users into signing fraudulent contracts or linking their wallets to malicious websites, enabling hackers to drain funds with minimal user awareness or authentication.
Similarly, a
recent report
also showed that in Q2 2024, the crypto industry was the second most targeted sector for identity fraud, accounting for nearly 29% of global fraud attempts.
Scammers are increasingly exploiting all forms of vulnerabilities to target both retail investors and institutional players.
Follow us on Google News
