Victim who lost $7M in Ethereum re-staking exploit gets funds back

The victim allegedly received 80% of the funds back, with the rest kept as a "bounty."
The victim allegedly received 80% of the funds back, with the rest kept as a "bounty."

An unfortunate victim who lost 1,807 liquid staked Ether (ETH), worth $6.91 million, on May 26 appears to have received a large share of the stolen funds back from scammers.

“Yesterday, the old phishing group Inferno Drainer used the permit offline authorization signature to phishing away nearly US$7 million in ETH re-pledged assets from a user,” wrote Yu Xian, co-founder of blockchain analytics firm SlowMist. “Today, they actually got a refund, which is really rare.” 

The same day, Scam Sniffer posted on X that the victim recouped 1,445 Ether, or 80% of the stolen funds, after the scammers allegedly kept a bounty of 20%. Analysts claimed that the wallet address involved in the breach had suffered a permit phishing attack, where a malicious actor generates an authentic off-chain authorization signature for the designated recipient to transfer ERC-20 tokens from a wallet not owned by them. 

The victim who allegedly lost $7 million from a permit phishing attack. Source: Scam Sniffer

According to SlowMist, the attack is executable due to an overlooked feature in Ethereum permits, introduced through EIP-2612. The EIP enables users to interact with smart contracts without requiring prior authorization by attaching an authorization signature. However, the permit function can be executed by any account, irrespective of ownership. Hence, if users had previously compromised their wallet signatures on phishing websites, even if they did not approve of any transactions, then scammers could still utilize the permit exploit to siphon tokens from their wallets. 

To protect against such attacks, SlowMist suggested: 

"It is recommended to periodically use authorization tools like RevokeCash (https://revoke.cash) to identify any abnormal authorizations. For Uniswap Permit2, the authorization management tool at https://app.scamsniffer.io/permit2 can be utilized for verification. If any irregular authorizations are detected, it is crucial to promptly revoke them."

Not all were sympathetic to the victim in this incident, however. 

"How do you get phished last year for $638K and then again this year for $6.9M. Some people are just careless with their assets," commented prominent DeFi sleuth ZachXBT. 

In March, Cointelegraph reported that cryptocurrency-related scams are up 53% within the past year. According to the FBI, cryptocurrency-related investment fraud accounted for 86% of all investment losses within the United States in 2023.

Related: Normie memecoin team mulls hacker demands after token falls 99%