Ethereum Whale Loses $6M in Gas-Free Phishing Attack

What to Know: A $6M phishing attack exploited the permit signature feature. The whale’s identity remains undisclosed. Increased risks for whales due to gas-less signatures. Ethereum Whale Loses $6M in Gas-Free Phishing Attack An Ethereum whale was entirely wiped out in a $6 million gas-free phishing attack leveraging the Permit signature feature, resulting in significant losses of staked Ethereum and Aave-wrapped Bitcoin. The incident highlights vulnerabilities in off-chain permissions, causing concern among blockchain security experts and increasing scrutiny over wallet signature practices within the DeFi and cryptocurrency ecosystem. An Ethereum whale suffered a $6 million loss in a gas-free phishing attack due to the permit signature feature. The incident highlights the vulnerability of gas-less signatures, raising concerns among Ethereum holders and security experts. $6M Stolen in Sophisticated Ethereum Phishing Attack A sophisticated phishing attack successfully stole $6 million in cryptoassets from an Ethereum whale. The attack leveraged the permit signature, bypassing the need for gas fees. The whale’s identity remains hidden, and the attackers have not been successfully identified. Expert analysis points to growing phishing threats in the cryptocurrency sector. Ethereum vs. Security: Community Urges Stricter Measures The attack’s immediate impact saw staked Ethereum and Aave-wrapped Bitcoin being drained from the whale’s wallet. No institutional funds were affected. Community concerns increased, with experts urging stricter security measures. Market reactions remain muted with no major protocol-level changes announced. Yu Xian, Founder, SlowMist, commented, “From the victim’s perspective, he just clicked a few times to confirm the wallet’s pop-up signature requests, didn’t spend a single penny of gas, and $6.28 million was gone.” Over $12M Stolen in August 2025 Similar Attack Similar phishing incidents have occurred, with one event in August 2025 involving over $12 million stolen. Such attacks highlight persistent security challenges. Cyvers Alerts Tweet Given historical data, there are calls for heightened protocols, with security researchers urging caution: “Never approve unlimited or suspicious wallet permissions.” Source Disclaimer: The information on this website is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency markets are volatile, and investing involves risk. Always do your own research and consult a financial advisor.