- A victim regained 80% of their stolen Ether, valued at nearly $7 million, following a permit phishing attack.
- Scammers returned the funds but kept a 20% bounty, highlighting unusual behavior in the crypto scam landscape.
- SlowMist advises using authorization tools to prevent similar phishing exploits in the future.
A surprising development unfolded in the cryptocurrency world as a victim of a phishing scam successfully recovered a significant portion of their stolen assets. The incident, which initially resulted in the loss of 1,807 liquid staked Ether, valued at approximately $6.91 million, saw an unexpected resolution when the scammers returned 1,445 of the stolen Ether, keeping a 20% bounty for themselves
A Rare Occurrence
This type of refund is exceedingly rare in the realm of cryptocurrency scams, where lost funds typically remain unrecovered. The recovery was confirmed by Scam Sniffer, a blockchain analytics platform that reported the refund on its X profile.
Details of the Phishing Attack
The theft occurred due to a permit phishing attack, exploiting a vulnerability within the Ethereum permit system, known as EIP-2612. This protocol allows transactions without direct authorization from the token owner by using a signature that a scammer can replicate if they have previously obtained it through deceitful means.
Protective Measures Suggested
To safeguard against similar incidents, blockchain security firm SlowMist recommends regular checks for unusual authorizations using tools like RevokeCash and the authorization management tool from Scam Sniffer for Uniswap Permit2. These tools help users identify and revoke any unauthorized transactions linked to their digital wallets.
The response to the incident has been mixed, with some community members criticizing the victim’s carelessness, especially considering their history of being phished previously. However, the quick recovery of such a large sum highlights the complexities and potential for partial redemption in the often murky waters of cryptocurrency scams.
