Trader Loses $1M to Phishing Attack via Uniswap Permit2 Exploit

Trader Loses $1M to Phishing Attack via Uniswap Permit2 Exploit

First seen 9 Jul 2026, 10:55 UTC CryptobriefingKucoinBeincrypto 74% similarity 64.5

Article Content

Browse articles
ThreatCluster

A trader lost approximately $1 million after falling victim to a phishing attack that exploited Uniswap's Permit2 feature. The attack involved the victim signing a malicious Permit2 message, granting a malicious contract access to their wallet without any additional prompts or warnings. This incident is part of a broader trend of approval phishing, which has resulted in significant losses across the crypto sector. In 2025, phishing scams accounted for $723 million in losses, with $366 million reported in the first half of 2026 alone. The attack did not require any protocol hacks, highlighting the effectiveness of social engineering tactics. Other incidents have also been reported, including a separate loss of $196,000 using the same method. The ongoing threat of approval phishing underscores the need for enhanced user awareness and security measures.

Key Points: • A trader lost $1 million due to a phishing attack using Uniswap's Permit2 feature. • The attack exploited a single signed message, granting malicious contract access to the wallet. • Phishing scams accounted for $723 million in losses in 2025, with ongoing high losses in 2026.

ThreatCluster AI

Timeline

2025-01-01
Phishing scams reported $723 million in losses
CertiK reported that phishing scams resulted in $723 million in losses across 248 incidents in 2025.
Kucoin
2026-01-01
January phishing losses reach $370 million
Chainalysis reported that phishing and social engineering scams accounted for $370 million in losses in January 2026 alone.
Cryptobriefing
2026-07-09
Trader loses $1 million to phishing attack
A trader lost $1 million after signing a malicious Permit2 message, allowing a contract to drain their wallet.
Cryptobriefing

Community

Browse all →