🚨 What is the Permit signature behind the stolen 200 million RMB?

Is your wallet safe? Multiple solutions to help you avoid asset loss!

Once again, safety is no small matter:

Yesterday, another huge phishing incident occurred, involving a loss of more than 12,000 spWETH, more than 32 million US dollars, and more than 200 million RMB.

It seems that this was caused by a "permit" signature, which is not easy to detect.

1️⃣Understand the Permit Signature:

Permit is an EIP-2612 standard used in the Ethereum ecosystem. This allows users to sign a message hash to approve token transfers without directly using their private keys.

In practice, a malicious attacker may use various means to induce a user to sign a signature that looks harmless but actually allows the transfer of funds.

If you are still unclear about this, you can carefully study the article written by @bocaibocai_. I think it is the most comprehensive article on this topic in the Chinese-language community:

https://x.com/bocaibocai_/status/1781969154268098701

I will not go into details here.
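What such a signing request looks like in practice, as an added example that is not from the original thread: a wallet presents an EIP-2612 Permit as typed data with owner, spender, value, nonce and deadline fields, and the JavaScript below flags the combinations worth stopping on. The thresholds, the trusted-spender list and the sample addresses are assumptions constructed for illustration; only the standard EIP-2612 `Permit` and Permit2 `PermitSingle`/`PermitBatch` layouts are handled.

```javascript
// Added example: triage an eth_signTypedData_v4 payload before signing.
// Thresholds and the allowlist are assumptions, not values from any wallet.
const UNLIMITED = 2n ** 160n - 1n;      // Permit2 max amount; also catches uint256 max
const MAX_LIFETIME = 24n * 60n * 60n;   // assumed policy: over 1 day is suspicious
const APPROVAL_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch"]);

// Normalise the grants in a message to {spender, amount, deadline}.
function extractGrants(primaryType, msg) {
  if (primaryType === "Permit") {       // EIP-2612: owner, spender, value, nonce, deadline
    return [{ spender: msg.spender, amount: BigInt(msg.value), deadline: BigInt(msg.deadline) }];
  }
  // Permit2: details is one object (PermitSingle) or an array (PermitBatch).
  const details = primaryType === "PermitBatch" ? msg.details : [msg.details];
  return details.map((d) => ({
    spender: msg.spender, amount: BigInt(d.amount), deadline: BigInt(d.expiration),
  }));
}

// Returns whether the request is a token approval and which warnings apply.
function assessSignRequest(typedData, nowSeconds, trustedSpenders = []) {
  const { primaryType, message } = typedData;
  if (!APPROVAL_TYPES.has(primaryType)) return { isApproval: false, warnings: [] };
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  const warnings = [];
  for (const g of extractGrants(primaryType, message)) {
    if (g.amount >= UNLIMITED) warnings.push("unlimited amount");
    if (g.deadline - BigInt(nowSeconds) > MAX_LIFETIME) warnings.push("long-lived deadline");
    if (!trusted.has(String(g.spender).toLowerCase())) warnings.push("unknown spender");
  }
  return { isApproval: true, warnings: [...new Set(warnings)] };
}

// Constructed sample request (placeholder addresses, not from the incident).
const NOW = 1700000000;
const samplePermit = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x" + "11".repeat(20) },
  message: {
    owner: "0x" + "aa".repeat(20), spender: "0x" + "bb".repeat(20),
    value: (2n ** 256n - 1n).toString(), nonce: "0",
    deadline: String(NOW + 365 * 86400),
  },
};
console.log(assessSignRequest(samplePermit, NOW));
```

A request with a different field layout makes `BigInt` throw rather than pass silently, which is the safer failure for a pre-signing check.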

2️⃣How to avoid such accidents?

1) Don't shy away from the effort: study more and understand it first.

Understand the platform you are interacting with. Make sure you know why you are signing this signature, and what actions it allows.

Never sign anything without fully understanding it.

2) Develop a habit of searching

Check at https://revoke.cash whether you have granted any unlimited permit/permit2 authorizations. If an authorization is not used frequently, it is recommended to revoke it.

3) Install the protection plug-in

For the safety of your assets, you must install a Web3 security browser plug-in.

@wallet_guard has a scoring system that will indicate various possible risks.

@realScamSniffer is mainly used for security detection and is relatively simple! A simple step may save you from losing a lot of assets at a critical moment.

Walletguard installation: https://chromewebstore.google.com/detail/wallet-guard-protect-your/pdgbckgdncnhihllonhnjbdoighgpimk…

Scam Sniffer Installation: https://chromewebstore.google.com/detail/scam-sniffer/mnkbccinkbalkmmnmbcicdobcmgggmfc?pli=1

4) Enhanced protection of hardware wallets:

Use a hardware wallet: Hardware wallets provide a more secure way to manage private keys than software wallets. Even if the signature is intercepted, the private key remains safe.

5) Set up dual-signature or multi-signature for large wallets:

If possible, require multiple signatures for large transactions.

6) Verify information from multiple aspects:

Be wary of sudden requests to sign unknown information, especially when large transactions are involved.

Always enter important contract addresses or URLs yourself, then check them against the official Twitter account, and always verify first instead of clicking on a link directly.

Check whether the contract address is consistent with the official one. You can use a block explorer to verify.

7) Software Update:

Make sure you are using the latest version of your wallet software; new versions usually include the latest security patches.

8) Never interact in a panic or when you are not sober

This is very important and needs to become a habit. When you are not sober, or when you have been drinking late and your head is not clear, try not to interact, or verify more carefully.

Most "Permit" and similar phishing incidents can be avoided through increased individual and community awareness, and implementation of technical and behavioral safeguards. The key is vigilance, education, and the use of safe tools and practices.