CFN Feature Crypto

  • A phishing scam resulted in $36M worth of wrapped Ethereum stolen from an entity tied to Continue Capital.

  • The attack exploited a "permit" phishing signature, causing fwDETH prices to drop by over 95%.

  • DeFi protocols PAC Finance and Orbit Finance were affected by liquidity issues following the massive sell-off.

A significant phishing attack has resulted in the loss of $36 million in wrapped Ethereum (fwDETH) tokens, impacting an entity reportedly linked to Continue Capital, a cryptocurrency venture capital fund.

Details of the Attack

On October 11, a blockchain monitoring service, Lookonchain, reported that 15,079 fwDETH tokens were stolen through a malicious "permit" transaction. This transaction tricked the victim into signing off on a fraudulent signature, allowing the immediate transfer of funds. The funds were moved to a hacker's address, Price Impact, and Ripple Effects.

https://twitter.com/lookonchain/status/1844597644343283985

The theft caused the price of fwDETH to plunge over 95% before partially recovering to a 40% decline. The sharp drop impacted decentralized finance (DeFi) protocols dependent on fwDETH liquidity, including PAC Finance and Orbit Finance. The exact extent of the damage to these platforms remains unclear, but it has raised concerns about liquidity in the broader DeFi market.

Phishing Threats on the Rise

Phishing attacks have become more sophisticated in the cryptocurrency space. The method used in this incident, a "permit" phishing signature, takes advantage of the system's reliance on digital trust. The attack highlights the growing risks faced by both institutional and retail investors in an increasingly vulnerable crypto landscape. According to CertiK, phishing attacks have led to significant losses, with over $668 million stolen in Q3 2024 alone.

Recent Crypto Phishing Incidents

This incident mirrors several other major phishing scams. In September, $32.4 million in spWETH tokens were stolen through a similar method, and in August, a whale lost $55.4 million worth of Dai stablecoins. These attacks underscore the persistent danger phishing poses to the crypto sector, which continues to experience growing fraud.