Trader Loses $1M in Ethereum Phishing Attack via Permit2 Exploit

Trader Loses $1M in Ethereum Phishing Attack via Permit2 Exploit

First seen 9 Jul 2026, 10:55 UTC CryptobriefingValuethemarketsKucoinBeincryptoCryptonews 76% similarity 68.2

Article Content

Browse articles
ThreatCluster

A trader lost approximately $1 million in a phishing attack that exploited Uniswap's Permit2 feature. The attack involved the victim signing a fraudulent token approval request, which granted a malicious contract access to their wallet. This method does not require a protocol hack or zero-day exploit, as it relies on social engineering to deceive users into signing harmful transactions. The attackers quickly drained the funds, splitting them into three transactions to evade detection. This incident is part of a broader trend of approval phishing, with Chainalysis reporting at least $14 billion in onchain scams in 2025. CertiK data indicates that phishing and social engineering accounted for $370 million in losses in January 2026 alone. The risk is heightened as phishing sites increasingly mimic legitimate DeFi interfaces. Users are advised to utilize wallet revocation tools and verify contract addresses before signing any approvals.

Key Points: • A trader lost $1 million due to a phishing attack exploiting Uniswap's Permit2 feature. • The attack involved signing a fraudulent token approval, allowing attackers to drain funds quickly. • Phishing and social engineering accounted for $370 million in crypto losses in January 2026.

ThreatCluster AI

Timeline

2025-01-01
Phishing losses reported
CertiK reported phishing and social engineering losses of $370 million in January 2026, highlighting the ongoing threat.
Valuethemarkets
2026-07-09
Trader loses $1M to phishing attack
A trader lost $1 million after approving a malicious token permission on Ethereum, exploiting the Permit2 feature.
Kucoin
2026-07-09
Separate incident reported
Another victim lost approximately $196,000 using the same phishing technique, emphasizing the attack's prevalence.
Cryptobriefing

Community

Browse all →