According to Scam Sniffer, a victim lost more than $11 million worth of aEthMKR and Pendle USDe tokens after signing multiple Permit phishing signatures.
Notably, the victim is a MakerDAO governance delegate, according to Arkham Intelligence.
As noted by blockchain security firm SlowMist, victims might end up facing significant losses due to signature risks.
Permit, which was enabled through EIP-2612, removes the need for prior authorization when interacting with smart contracts.
The feature makes it possible to generate authorization signatures without relying on on-chain transactions.
Potential victims can sign the permit for a malicious website without broadcasting it to the blockchain. Since the possession of the signature is sufficient for granting authorization, the permit carries a significant level of risk, according to SlowMist.
Bad actors can potentially deceive their victims into providing the signatures by masquerading as a legitimate website.
Determining whether a signature has been compromised can be difficult because the transactions take place off-chain. “From our understanding, some wallets decode and display signature information to approve authorization phishing attempts, but there is a lack of sufficient warning regarding permit signature phishing, posing higher risks to users,” the firm said.
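The kind of pre-signing warning the firm says is missing can be sketched as a check on the typed-data request a site asks the wallet to sign. This is an added example, not code from SlowMist, Scam Sniffer or any wallet; the function name, the trusted-spender list, the lifetime limit and the sample addresses are assumptions made for illustration.

```javascript
// Added example. Field names follow the EIP-2612 Permit struct
// (owner, spender, value, nonce, deadline). All addresses are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];

// Inspect an eth_signTypedData_v4 payload before it is signed.
// trustedSpenders and maxLifetimeSecs are hypothetical policy inputs.
function reviewTypedData(payload, { trustedSpenders = [], nowSecs, maxLifetimeSecs = 3600 }) {
  const data = typeof payload === "string" ? JSON.parse(payload) : payload;
  const fields = ((data.types || {})[data.primaryType] || []).map((f) => f.name);
  const isPermit = data.primaryType === "Permit" &&
    PERMIT_FIELDS.every((name) => fields.includes(name));
  if (!isPermit) return { isPermit: false, warnings: [] };

  const msg = data.message;
  const warnings = ["off-chain approval: whoever holds this signature can set the spender's allowance"];
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  if (!trusted.includes(String(msg.spender).toLowerCase())) {
    warnings.push(`spender ${msg.spender} is not on the trusted list`);
  }
  if (BigInt(msg.value) === MAX_UINT256) {
    warnings.push("value is the maximum uint256 (unlimited allowance)");
  }
  if (BigInt(msg.deadline) - BigInt(nowSecs) > BigInt(maxLifetimeSecs)) {
    warnings.push("deadline is further out than the allowed signature lifetime");
  }
  return { isPermit: true, token: data.domain.verifyingContract, warnings };
}

// Constructed sample request, shaped like what a dApp passes to the wallet.
const addr = (byte) => "0x" + byte.repeat(20);
const sampleRequest = JSON.stringify({
  types: { Permit: PERMIT_FIELDS.map((name) => ({
    name, type: name === "owner" || name === "spender" ? "address" : "uint256" })) },
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1, verifyingContract: addr("11") },
  message: { owner: addr("22"), spender: addr("33"),
    value: MAX_UINT256.toString(), nonce: "0", deadline: "1893456000" },
});

console.log(reviewTypedData(sampleRequest, { nowSecs: 1700000000 }));
```
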
This article was originally published by u.today.