According to ChainCatcher, SlowMist Cosine posted on the X platform that a user’s WETH was phished on Blast. There are several key pieces of information that need to be noted:
WETH on Blast is Blast's wrapped ETH token issued by Blast. The contract is upgradeable and supports offline permit authorization signature.
The WETH code on the Ethereum mainnet is only about 50 lines, which is very concise and reliable. The amount of ETH stored in the contract is equal to the amount of WETH issued, and there are no fancy functions such as permits.
Users were phished because Inferno Drainer supported Blast WETH permit offline authorization signature. The phishing gangs really studied the details, and the details determine the benefits.
