A victim of a significant Ethereum phishing exploit has recovered a large portion of their stolen funds. The incident, which occurred on May 26, saw 1,807 ETH, valued at approximately $6.91 million, siphoned from the victim’s wallet through a permit phishing attack. Now the money is back!
The scammers returned 1,445 ETH, or about 80% of the stolen amount. The revelation came from blockchain analytics firm SlowMist and was further corroborated by Scam Sniffer.
So the hackers allegedly kept 20% as a bounty.
The phishing attack exploited a feature in Ethereum permits, introduced via EIP-2612, allowing interactions with smart contracts without prior authorization. This oversight enabled the scammers to transfer tokens from the victim’s wallet by generating an authentic off-chain authorization signature.
There’s a cure though. SlowMist recommends periodic use of authorization tools like RevokeCash to identify and revoke any abnormal permissions. This measure is crucial for preventing such exploits in the future.
Despite the recovery, not everyone was sympathetic.
DeFi sleuth ZachXBT criticized the victim for falling prey to phishing attacks twice in two years, losing substantial amounts each time.
Cryptocurrency-related scams have surged, with the FBI reporting that investment fraud in this sector accounted for 86% of all investment losses in the U.S. in 2023. The incident underscores the importance of vigilance in safeguarding digital assets. No one will save you from scammers as efficiently as you.