A recent report from SlowMist reveals that an attack on Ethereum is possible due to an unnoticed characteristic in Ethereum permits, which was introduced via EIP-2612. This EIP allows users to engage with smart contracts without needing prior authorization, as they can simply attach an authorization signature. However, the flaw lies in the fact that the permit function can be carried out by any account, regardless of ownership. This means that if users have previously fallen victim to phishing websites and compromised their wallet signatures, scammers can still take advantage of the permit exploit to drain tokens from their wallets.
Funds restored to Ethereum re-staking exploit victim who suffered $7M loss
Add A Comment