A cryptocurrency trader lost approximately $1 million after falling victim to a phishing attack exploiting Uniswap's Permit2 feature, according to recent reports. The attacker tricked the victim into signing a malicious message that granted full wallet access, with no protocol vulnerability or technical breach involved. The incident occurred as part of a broader phishing epidemic that generated $14 billion in total onchain scam losses in 2025, up from $12 billion in 2024, according to Chainalysis's 2026 Crypto Crime Report. The attack succeeded because the trader signed an off-chain authorization they believed was legitimate, demonstrating how Permit2's convenience feature can become an attack vector when users interact with deceptive interfaces.
The $1 million loss resulted from a phishing attack that exploited Uniswap's Permit2 contract, a token approval system designed to streamline DeFi interactions. Permit2 allows a single off-chain signature to approve multiple token interactions at once, eliminating the need for separate on-chain transactions for each protocol interaction. A separate victim lost approximately $196,000 in a similar attack involving the $VIRTUAL token. In both cases, no technical breach occurred on Uniswap's protocol—the attacks succeeded through user deception rather than smart contract vulnerabilities. Phishing sites impersonated legitimate DeFi interfaces, including airdrop claim pages and swap screens, to present convincing Permit2 signature requests at opportune moments. Once signed, the malicious contracts gained immediate access to the victims' entire portfolios without additional confirmation prompts.
Onchain scams generated at least $14 billion in losses during 2025, up from $12 billion in 2024, according to Chainalysis's 2026 Crypto Crime Report. In January 2026 alone, phishing and social engineering accounted for $370 million in total crypto losses, with one incident contributing $284 million of that total, according to CertiK data. Since 2021, approval phishing has been responsible for over $1 billion in reported losses. Wallet drainer-related losses fell 83% in 2025, dropping to approximately $84 million, indicating that targeted infrastructure takedowns have reduced that specific attack vector. However, approval phishing operates on different infrastructure that exploits legitimate protocol mechanics rather than deployable malicious contracts. Operation Atlantic, conducted in April 2026, resulted in the freezing of approximately $12 million tied to approval phishing schemes.
Revoke.cash allows users to audit and cancel outstanding token approvals, including Permit2 permissions. Running a revocation check after interacting with any new or unfamiliar protocol limits the damage window if a malicious approval is granted. Verifying contract addresses before signing any approval prompt is essential, as phishing sites are built to be visually indistinguishable from legitimate platforms. Hardware wallets add a physical confirmation layer but do not protect against signing a malicious message on a compromised site—if a user connects a hardware wallet to a malicious site and manually confirms a Permit2 signature request, the physical device becomes part of the attack rather than a defense. Defensive practices include verifying contract addresses in every signing prompt against known legitimate addresses, running regular audits with Revoke.cash or equivalent tools, and treating unexpected Permit2 signature requests with skepticism until verified.
What is Uniswap's Permit2 and why does it create phishing risk?
Permit2 allows users to sign a single off-chain message to approve multiple token interactions simultaneously. A single malicious signature can grant an attacker broad, immediate access to a user's entire wallet without any additional confirmation steps.
How did attackers exploit Permit2 in the $1 million loss incident?
Attackers built sites impersonating legitimate DeFi platforms and prompted users to sign Permit2 messages. Because Permit2 generates no on-chain warning or confirmation screen, victims had no indication they were authorizing a malicious contract, resulting in immediate, unauthorized fund transfers.
What financial impact has approval phishing caused in the crypto industry?
Approval phishing has caused over $1 billion in reported losses since 2021. It contributed to the $14 billion in total onchain scam losses recorded by Chainalysis for 2025, and CertiK's data shows phishing and social engineering alone caused $370 million in losses in January 2026.
Related News
Crypto Industry Prepares for Quantum Computing Threat to Blockchain Encryption
DAXA Warns of Phishing Sites Impersonating Korean Crypto Exchanges
Ethereum Trader Loses $2M in Single-Block Backrun Exploit on Uniswap
$2 Million Ether Swap Ends in $14K After Low Liquidity Routing Mistake