In a recent cyberattack, a hacker drained $35 million worth of fwdETH and sold it, causing a big drop in its value. It appears the victim lost their funds after unknowingly signing a malicious “permit” signature, allowing the attacker to drain their wallet.
The hacker did not stop there: an investigation by crypto sleuths shows that the hacker’s address rapidly sold the stolen fwdETH. This led to a sharp drop in the price of dETH, causing widespread disruption across several DeFi protocols, including PAC Finance and Orbit Finance, which rely on dETH.
Initial investigations point to the hacker’s address: 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec, which was responsible for offloading the stolen funds. The victim’s wallet, identified as 0xeab23cfe3776adf45e2e3dc56bcf739f6e0a393, was compromised via a “permit” signature exploit—an increasingly common method used in Web3 phishing scams.
Roffett.eth detailed the attack in a tweet, pointing out that the sudden sell-off of fwdETH caused a ripple effect, affecting liquidity and stability in dETH-pegged protocols. These unexpected price movements have left some protocols struggling to manage the fallout.
Scam Sniffer further elaborated that the attacker’s method leveraged temporary token spender addresses generated using the CREATE2 function, making it challenging to detect. This has raised alarms within the broader crypto community, with concerns over the growing sophistication of phishing techniques targeting DeFi users.
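A wallet-side check for the pattern described above, as an added example that is not from this article or from any project it names. It assumes the request follows the EIP-2612 `Permit` layout (the article does not say which permit variant was signed); `reviewPermit`, `knownSpenders`, `getCode`, the 24-hour deadline threshold and every sample address are constructed for illustration.

```javascript
// Added example: review an EIP-2612 "Permit" typed-data request before signing.
// All names below are hypothetical; sample addresses and values are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_DEADLINE_WINDOW_SEC = 86400n; // assumption: flag deadlines beyond 24 hours

// typedData: the object a dapp passes to eth_signTypedData_v4.
// getCode(address): deployed bytecode as hex, "0x" when nothing is deployed.
// In a real wallet this would wrap an eth_getCode RPC call.
function reviewPermit(typedData, { knownSpenders, getCode, nowSec }) {
  const findings = [];
  if (typedData.primaryType !== "Permit") return { isPermit: false, findings };

  const msg = typedData.message;
  const spender = String(msg.spender).toLowerCase();
  const value = BigInt(msg.value);
  const deadline = BigInt(msg.deadline);

  if (!knownSpenders.has(spender)) findings.push("spender-not-allowlisted");
  // A CREATE2 address is computable before any contract exists there, so a
  // freshly derived spender has no code and no history when the user signs.
  // Blocklists keyed on known addresses cannot match it.
  if (getCode(spender) === "0x") findings.push("spender-has-no-code");
  if (value === MAX_UINT256) findings.push("unlimited-allowance");
  if (deadline - BigInt(nowSec) > MAX_DEADLINE_WINDOW_SEC) findings.push("deadline-over-24h");

  return { isPermit: true, token: typedData.domain.verifyingContract, spender, findings };
}

// Constructed sample request: unknown spender, unlimited value, 30-day deadline.
const NOW_SEC = 1700000000;
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  domain: { name: "SampleToken", chainId: 1,
            verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: {
    owner: "0x3333333333333333333333333333333333333333",
    spender: "0x2222222222222222222222222222222222222222",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: String(NOW_SEC + 30 * 86400),
  },
};
const SAMPLE_CONTEXT = {
  knownSpenders: new Set(["0x4444444444444444444444444444444444444444"]),
  getCode: (addr) => (addr === "0x4444444444444444444444444444444444444444" ? "0x6080" : "0x"),
  nowSec: NOW_SEC,
};

console.log(reviewPermit(SAMPLE_REQUEST, SAMPLE_CONTEXT));
```

An externally owned account also returns `0x` from the code lookup, so the no-code finding is a reason to stop and inspect the request, not proof of a CREATE2 spender.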
Ring protocol and Orbit protocol have not issued any public statement regarding the incident.