Permit Signatures Still Power the Biggest Phishing Attacks
-

The largest single phishing theft of 2025 totaled $6.5 million and relied on a malicious Permit signature, reinforcing that Permit and Permit2 approvals remain a favorite tool for attackers. Scam Sniffer found that Permit-based exploits accounted for 38% of losses in phishing incidents exceeding $1 million.
At the same time, attackers quickly adapted to new protocol changes. After Ethereum’s Pectra upgrade, EIP-7702–based malicious signatures emerged, exploiting account abstraction to bundle multiple harmful actions into a single approval. Two such incidents in August alone caused $2.54 million in losses, underscoring how fast new attack vectors appear after upgrades.
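A wallet-side check for the Permit and Permit2 signing requests discussed above, as an added example that is not from the original article or from Scam Sniffer. It covers EIP-2612 `Permit` and Permit2 `PermitSingle`/`PermitBatch` typed data only, not EIP-7702 authorizations. The function name, finding labels, one-hour threshold and sample addresses are assumptions.

```javascript
// Added example: triage an eth_signTypedData_v4 payload before the user signs.
// Thresholds and finding names are assumptions made for this illustration.
const MAX_UINT256 = (1n << 256n) - 1n; // "unlimited" EIP-2612 value
const MAX_UINT160 = (1n << 160n) - 1n; // "unlimited" Permit2 amount
const LONG_LIVED_SECONDS = 3600n;      // assumption: over 1 hour is long-lived

function triagePermit(typedData, nowSeconds, knownSpenders = []) {
  const { primaryType, message } = typedData;
  let kind, amounts, cap, expiries;
  if (primaryType === "Permit") {
    // EIP-2612: Permit(owner, spender, value, nonce, deadline)
    kind = "EIP-2612 Permit";
    amounts = [message.value];
    cap = MAX_UINT256;
    expiries = [message.deadline];
  } else if (primaryType === "PermitSingle" || primaryType === "PermitBatch") {
    // Permit2 allowance: details is one object (Single) or an array (Batch)
    const details = [].concat(message.details);
    kind = "Permit2 " + primaryType;
    amounts = details.map((d) => d.amount);
    cap = MAX_UINT160;
    expiries = [message.sigDeadline, ...details.map((d) => d.expiration)];
  } else {
    return { kind: "other", spender: null, findings: [] };
  }
  const spender = String(message.spender).toLowerCase();
  const known = knownSpenders.map((s) => s.toLowerCase());
  const limit = BigInt(nowSeconds) + LONG_LIVED_SECONDS;
  const findings = [];
  if (!known.includes(spender)) findings.push("unknown-spender");
  if (amounts.some((a) => BigInt(a) >= cap)) findings.push("unlimited-amount");
  if (expiries.some((e) => BigInt(e) > limit)) findings.push("long-lived");
  return { kind, spender, findings };
}

// Constructed sample requests; addresses are placeholders, not real contracts.
const NOW = 1700000000;
const addr = (byte) => "0x" + byte.repeat(20);
const samplePermit = {
  primaryType: "Permit",
  message: { owner: addr("11"), spender: addr("22"), nonce: "0",
             value: MAX_UINT256.toString(), deadline: String(NOW + 31536000) },
};
const samplePermit2 = {
  primaryType: "PermitSingle",
  message: { spender: addr("44"), sigDeadline: String(NOW + 600),
             details: { token: addr("33"), amount: "1000000", expiration: String(NOW + 600), nonce: "0" } },
};
console.log(triagePermit(samplePermit, NOW), triagePermit(samplePermit2, NOW, [addr("44")]));
```

A request that returns any finding is a candidate for a blocking confirmation screen that shows the spender, amount and expiry in plain terms instead of the raw typed data.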