Kucoin
Trader Loses $1M to Phishing Attack via Uniswap Permit2 Exploit
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A trader lost approximately $1 million after falling victim to a phishing attack that exploited Uniswap's Permit2 feature. The attack involved the victim signing a malicious Permit2 message, granting a malicious contract access to their wallet without any additional prompts or warnings. This incident is part of a broader trend of approval phishing, which has resulted in significant losses across the crypto sector. In 2025, phishing scams accounted for $723 million in losses, with $366 million reported in the first half of 2026 alone. The attack did not require any protocol hacks, highlighting the effectiveness of social engineering tactics. Other incidents have also been reported, including a separate loss of $196,000 using the same method. The ongoing threat of approval phishing underscores the need for enhanced user awareness and security measures.
Key Points: • A trader lost $1 million due to a phishing attack using Uniswap's Permit2 feature. • The attack exploited a single signed message, granting malicious contract access to the wallet. • Phishing scams accounted for $723 million in losses in 2025, with ongoing high losses in 2026.