A recent phishing attack targeting a crypto venture capital (VC) fund has resulted in the loss of over $36M worth of wrapped Ethereum tokens (fwDETH).
According to a by blockchain monitoring platform Lookonchain, the phishing incident took place on October 11, with the malicious transaction being facilitated by a fraudulent “permit” signature.
This attack, involving 15,079 fwDETH tokens, is believed to have impacted an entity linked to Continue Capital, a prominent crypto VC fund.
The malicious actors exploited a commonly used signature mechanism, which involved tricking the victim into signing a transaction that allowed the immediate siphoning of funds.
Phishing Attack Costs VC Fund $36M in Wrapped Ethereum: Is Your Crypto Safe?
Phishing attacks in the cryptocurrency space are one of the, and they have evolved into highly deceptive schemes, often disguised as legitimate transactions.
In this case, the attackers used a malicious “permit” signature, a mechanism that allows users to sign off on transactions without directly interacting with their assets.
While such signatures are designed to streamline operations, they are vulnerable to abuse when users unknowingly approve unauthorized transactions.
indicates that the victim’s wallet address, linked to Continue Capital, unknowingly granted permission for the transfer of 15,079 fwDETH tokens on the Blast chain.
The stolen funds were quickly moved to an address controlled by the hacker, identified as 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec, who swiftly offloaded the tokens, causing fwDETH prices to drop by over 95% before partially recovering.
The rapid transfer and sale of the stolen funds caused ripple effects across decentralized finance (DeFi) protocols dependent on fwDETH liquidity, including PAC Finance and Orbit Finance.
Though the full extent of the damage to these protocols remains unclear, analysts note that the massive sell-off exacerbated liquidity issues, driving down token prices and potentially impacting other investors who held fwDETH.
Wider Impact and Growing Phishing Threat in Crypto
The $36 million phishing attack is one of the largest recent incidents involving a “permit” phishing signature and follows a pattern of increasingly sophisticated phishing scams targeting the cryptocurrency market.
Similar phishing attacks have resulted in significant losses for other investors, with a notable case in September where another victim in a phishing attack.
However, in the case of this whale, the stolen assets, tied to the decentralized finance protocol Spark, involved 12,083 wrapped ether tokens (spWETH).
Inferno Drainer creates fake versions of popular DeFi apps, tricking users into signing transactions that transfer control of their wallets.
The tool, responsible for stealing over $215 million from 200,000 victims, resurfaced in 2024 after being shut down in late 2023.
Similarly, another crypto whale in a phishing attack in August.
The rise in phishing incidents comes amid a broader trend of escalating crypto scams.
According to cybersecurity firm CertiK, to various forms of fraud, including $127 million in phishing scams.
