Security Incident Report: Phishing Attack on Crypto Whale

Security analysts reported a security incident involving a phishing attack where a crypto whale lost 15,079 Few Wrapped Duo ETH (fwDETH), valued at around $35 million.

fwDETH is a wrapped version of Duo ETH or DETH, a derivative of ETH issued by Duo — a DeFi protocol on the Blast network.

The incident occurred due to the whale's fraudulent “permit” signature, enabling the attacker to drain funds from their address 0xEab2E…a393. Crypto anti-scam solution Scam Sniffer first noted the breach.

Security firm PeckShield BlockSec corroborated the incident. Yajin (Andy) Zhou, co-founder of BlockSec, stated, "Looks like the attacker lured the victim into signing a permit message offline and then used the signed permit message to drain the fwDETH token from the victim’s account," according to The Block.

As a result of this exploit, the user experienced a significant loss of fwDETH, contributing to a drastic decline in value due to the attacker's sale. Within hours of the incident, the value of DETH plummeted over 90% from $2000 to $100, before recovering back to $1000 at the time of writing, based on data from DexScreener.