Victim who lost $7M in Ethereum regrouping exploit gets money back
The victim, who lost 1,807 Liquid Staked Ether (ETH) worth $6.91 million on May 26, appears to have received a large portion of the stolen funds back from the fraudsters.
Yu Xian, co-founder of blockchain analytics firm SlowMist, said: “Yesterday, the old phishing group Inferno Drainer used the offline authorization signature of the license. Today, they actually got a return, which is very rare.”
That same day, Scam Sniffer posted on X that the victim had been returned 1,445 Ether, or 80% of the stolen money, after the scammers said they received a 20% bonus. Analysts stated that the wallet address involved in the breach was subjected to a permit phishing attack, whereby a malicious actor generated a valid off-chain permit signature to transfer ERC-20 tokens to a designated recipient from a wallet the actor does not own.
According to SlowMist, the attack is possible due to an overlooked feature of Ethereum permits introduced via EIP-2612. The EIP allows users to interact with smart contracts without a prior approval transaction by attaching a permit signature. However, the permit function can be called by any account, regardless of ownership. So, if users' wallet signatures have previously been compromised on phishing sites, fraudsters can still use the permit to withdraw tokens from their wallets, even if the users never authorize any transaction.
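A wallet-side check for the signing requests described above, as an added example that is not from SlowMist, Scam Sniffer or the original article. The function name, the trusted-spender list and the 24-hour deadline threshold are assumptions; the struct names are those of EIP-2612 and Uniswap Permit2.

```javascript
// Added example: classify an EIP-712 signing request before the wallet signs it.
const MAX_UINT256 = (1n << 256n) - 1n;
// "Permit" is the EIP-2612 struct; the other three are Permit2 struct names.
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch", "PermitTransferFrom"]);
const MAX_DEADLINE_WINDOW = 86400n; // assumption: flag permits valid for more than 24h

// trustedSpenders: Set of lowercase addresses the user already relies on (assumption).
function assessSigningRequest(typedData, trustedSpenders, nowSeconds) {
  const { primaryType, message = {}, domain = {} } = typedData;
  const findings = [];
  if (!PERMIT_TYPES.has(primaryType)) return { isPermit: false, findings };

  // Any of these structs, once signed, can be submitted on-chain by whoever holds it.
  findings.push(`${primaryType} signature grants token spending rights off-chain`);
  const spender = String(message.spender || "").toLowerCase();
  if (!trustedSpenders.has(spender)) {
    findings.push(`spender ${spender || "(missing)"} is not on the trusted list`);
  }
  if (primaryType === "Permit") {
    // EIP-2612 message fields: owner, spender, value, nonce, deadline
    if (BigInt(message.value ?? 0) === MAX_UINT256) findings.push("unlimited allowance requested");
    if (BigInt(message.deadline ?? 0) - BigInt(nowSeconds) > MAX_DEADLINE_WINDOW) {
      findings.push("deadline is more than 24h away");
    }
  }
  // For EIP-2612 the verifying contract is the token contract itself.
  return { isPermit: true, verifyingContract: domain.verifyingContract, spender, findings };
}

// Constructed sample request; every address here is a placeholder, not a real contract.
const SAMPLE_PERMIT = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x" + "aa".repeat(20) },
  message: { owner: "0x" + "11".repeat(20), spender: "0x" + "22".repeat(20),
             value: MAX_UINT256.toString(), nonce: "0", deadline: "1900000000" },
};
const SAMPLE_NOW = 1716768000; // constructed "current time" in Unix seconds

console.log(assessSigningRequest(SAMPLE_PERMIT, new Set(), SAMPLE_NOW).findings);
```
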
To protect against such attacks, SlowMist recommends the following:
“It is recommended that you periodically use a permit tool such as RevokeCash (to identify any unusual permits). For Uniswap Permit2, the permit management tool at can be used for verification. It is important to quickly revoke any unusual permits if found.”
But not everyone sympathized with the victim in this incident.
“How can you fish for $638K last year and $6.9M this year? Some people are careless with their assets,” commented ZachXBT, a popular DeFi sleuth.
In March, Cointelegraph reported that cryptocurrency-related scams had increased 53% in the past year. According to the FBI, cryptocurrency-related investment fraud accounted for 86 percent of all investment losses in the United States in 2023.