Disappearing Act with One Click! What are the Phishing Techniques and Prevention Methods for "Offline Authorization Signature"? A Case Study on Fake EigenLayer
"Without signing on-chain transactions, the money in the wallet and NFTs may all be lost." On 2/7, the founder of the cybersecurity company Slowmist, Yu Xian, discussed an incident where 100 pufETH valued at nearly $250,000 was lost. A large holder was phished into signing an offline authorization signature permit link, resulting in the loss of all funds.
According to a previous report "Is there a security risk when using Uniswap? How can offline signatures lead to asset theft?":
"Because off-chain signatures do not require gas fees, it is a security aspect that users often overlook. If malicious websites induce users to sign content that calls the Permit function, the user's tokens will be stolen by a third party." In such cases, where a user unknowingly authorizes an abnormal action, it is also difficult to press Revoke in time to revoke the authorization and move the assets to safety.
Yu Xian stated that in such situations, it is likely difficult to recover the lost funds.
Below, one case is walked through, followed by possible prevention methods:
Fake Posts, Fake Websites, Luring Users to Click Fatal Buttons
Phishers Lure Victims with Fake Accounts
Scammers use fake Twitter accounts to reply to tweets from real accounts, providing links to announcements or events. In the example below, the fake account uses the same display name and is verified, but its @handle differs from the official account's.
Using a Fake EigenLayer Website to Deceive Careless Users
In the post provided by the fake account, they offer a seemingly official website promoting "triple points rewards," but on closer inspection its URL, "https://quests-eigenlayer.com/", is completely different from the official website: https://www.eigenlayer.xyz/
No Need to Trade, Disaster Strikes After Signing Wallet Signature
After connecting your wallet, the website asks you to sign an offline authorization signature. Since no network fee is required and it only asks for a signature, many people overlook it, assuming the website is one they know. Once signed, it gives the phishing attacker full access, and assets are transferred out of the wallet automatically. In this way the phisher obtained a large amount of funds.
How Users Can Protect Themselves from "Offline Authorization Signature" Risks
Reports suggest there are several ways to reduce the risk of off-chain signatures, especially when the content being signed is unfamiliar.
- The first principle is not to sign unfamiliar content casually.
- When approval confirmation screens appear, adjust the authorization quantity to the amount required for the transaction, although this may require repeated authorizations.
- Although signed content is difficult to trace, tools like revoke.cash can be used to check existing authorizations as thoroughly as possible.
- Use a wallet that holds small assets for off-chain signatures.
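The "sign only, no gas" request described above is an EIP-712 typed-data message whose primary type is an ERC-20 Permit (EIP-2612); once the attacker submits that signature on-chain, it becomes an ordinary allowance. The check below is an added example, not code from the article or from Scam Sniffer: it triages such a request the way a wallet-side warning would, flagging an unrecognised spender, an unlimited value, and a far-off deadline, and shows the same request scoped the way the list above recommends. The addresses, the allow-list and the token name are constructed placeholders.

```javascript
// Added example (not the article's or Scam Sniffer's code): triage of an
// EIP-712 signing request for an ERC-20 Permit (EIP-2612). Addresses constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
// Hypothetical allow-list of spender contracts the user recognises.
const KNOWN_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

function assessPermitRequest(typedDataJson, nowSeconds) {
  const td = JSON.parse(typedDataJson);
  if (td.primaryType !== "Permit") return { isPermit: false, risk: "low", findings: [] };
  const msg = td.message;
  const spender = String(msg.spender).toLowerCase();
  const value = BigInt(msg.value);
  const deadline = BigInt(msg.deadline);
  const findings = [];
  // A Permit grants an allowance, not a transfer: once the signature is submitted
  // on-chain, `spender` may call transferFrom for up to `value` tokens at any time
  // before `deadline`, with no further prompt to the owner.
  if (!KNOWN_SPENDERS.has(spender)) findings.push("spender not recognised: " + spender);
  if (value === MAX_UINT256) findings.push("value is max uint256 (unlimited allowance)");
  if (deadline > BigInt(nowSeconds) + 30n * 86400n) findings.push("deadline more than 30 days out");
  const risk = findings.length >= 2 ? "high" : findings.length === 1 ? "medium" : "low";
  return { isPermit: true, spender, value, deadline, risk, findings };
}

// Constructed sample resembling the prompt a phishing page triggers:
// unlimited value, no practical deadline, attacker-chosen spender.
const PHISHING_PERMIT = JSON.stringify({
  types: { Permit: [{ name: "owner", type: "address" }, { name: "spender", type: "address" },
    { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" }, { name: "deadline", type: "uint256" }] },
  primaryType: "Permit",
  domain: { name: "Token", version: "1", chainId: 1, verifyingContract: "0x2222222222222222222222222222222222222222" },
  message: { owner: "0x3333333333333333333333333333333333333333", spender: "0x4444444444444444444444444444444444444444",
    value: MAX_UINT256.toString(), nonce: "0", deadline: MAX_UINT256.toString() },
});
// The same request scoped as the article recommends: known spender, exact amount, short deadline.
const SCOPED_PERMIT = JSON.stringify({ ...JSON.parse(PHISHING_PERMIT), message: {
  ...JSON.parse(PHISHING_PERMIT).message, spender: "0x1111111111111111111111111111111111111111",
  value: "100000000000000000000", deadline: String(1_700_000_000 + 3600) } });

console.log(assessPermitRequest(PHISHING_PERMIT, 1_700_000_000).risk); // high
console.log(assessPermitRequest(SCOPED_PERMIT, 1_700_000_000).risk);   // low
```

The allow-list stands in for whatever source of known contract addresses a real wallet extension would consult; the other two checks need no external data.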
Super Convenient! Introduction to Defense Tool: Scam Sniffer
Scam Sniffer https://www.scamsniffer.io/ provides a browser extension that alerts users to suspicious transactions in wallets and can warn of signature risks such as "offline authorization signatures"; during transactions, it displays the actual transferred assets and quantities, providing an additional layer of security for users.
In the case of the fake website mentioned above, Scam Sniffer will proactively issue a warning. In testing, it is a very practical protective tool.