Pendle Permit Phishing Scam Causes Crypto User Loses $11 Million

Key Points:

• A Pendle Permit phishing scam led to a user losing $11 million in aEthMKR and Pendle USDe tokens.
• The scam involved tricking the user into signing fraudulent permits and granting unauthorized access to their assets.

A user has fallen victim to a sophisticated phishing scam, resulting in the loss of $11 million in digital assets, including aEthMKR and Pendle USDe tokens.

Pendle Permit Phishing Scam Costs Crypto User $11 Million in Digital Assets

Phishing is a cyber-attack where victims are tricked into providing sensitive information, such as private keys or passwords, by attackers posing as trustworthy entities. In this case, the Pendle Permit phishing scam, reported by Scam Sniffer, the user was deceived into signing a fraudulent permit, leading to the unauthorized transfer of their assets.

The Pendle Permit phishing scam exploited a feature enabled through EIP-2612, known as Pendle Permit. The protocol removes the need for prior authorization when interacting with smart contracts, allowing for the generation of authorization signatures without on-chain transactions.

As a result, victims can unknowingly sign permits for malicious websites without broadcasting them to the blockchain. The possession of these signatures alone grants authorization, making the system particularly vulnerable to abuse.

According to cybersecurity firm SlowMist, this feature carries significant risks as attackers can easily deceive users into signing malicious permits by imitating legitimate websites.

MakerDAO Governance Delegate Falls Victim to Cyber Attack

Wu Blockchain revealed that the victim’s address was identified by Arkham as belonging to a MakerDAO governance delegate, a key role within the MakerDAO ecosystem. Governance delegates are responsible for voting on crucial proposals, governance polls, and executive votes, thereby influencing major decisions within the Maker protocol.

MKR holders and delegates typically vote to progress proposals from initial polls to final executive votes, which are then implemented after a delay period known as the governance security module (GSM).