Over $36 million worth of Ethereum-wrapped tokens (fwDETH) were lost in a phishing attack last week, according to an entity report by VC-linked crypto firm Continue Capital.
The attackers used malicious permit signatures, a vulnerable point of Ethereum networks to steal 15,079 fwDETH from a victim's crypto wallet as they signed a deceptive permit transaction. In this type of phishing attack, the hacker usually imitates requests for user signatures in Ethereum DeFi networks.
The fwDETH token’s value decreased exponentially (about 95%) in the aftermath of the phishing attack as the hacker liquidated the stolen funds. Since then, the token has recovered but still remained about 43% down on Wedesday.
The entire DeFi ecosystem bore the brunt of the phishing attack’s ripple effect as Ethereum tokens-reliant protocols like Orbit Finance and PAC Finance got disrupted.
This hacking is in line with recent crypto blockchain phishing attack trends. As per reports, there were 150 phishing attacks in the 2024 first half, which led to a loss of $498 million in the crypto market.
The attack underscores the critical importance of user vigilance and robust security measures in the Ethereum ecosystem. As DeFi protocols continue to grow and evolve on the Ethereum network, addressing these vulnerabilities will be crucial for maintaining user trust and the long-term viability of decentralized financial systems.