Victim who lost $7M in Ethereum re-staking exploit gets funds back

A permit phishing attack appears to have siphoned 1,807 liquid staked Ether from the victim’s wallet address.

An unfortunate victim who lost 1,807 liquid staked Ether (ETH), worth $6.91 million, on May 26 appears to have received a large share of the stolen funds back from scammers.

“Yesterday, the old phishing group Inferno Drainer used the permit offline authorization signature to phishing away nearly US$7 million in ETH re-pledged assets from a user,” wrote Yu Xian, co-founder of blockchain analytics firm SlowMist. “Today, they actually got a refund, which is really rare.” 

The same day, Scam Sniffer posted on X that the victim recouped 1,445 Ether, or 80% of the stolen funds, after the scammers allegedly kept a bounty of 20%. Analysts claimed that the wallet address involved in the breach had suffered a permit phishing attack, where a malicious actor generates an authentic off-chain authorization signature for the designated recipient to transfer ERC-20 tokens from a wallet not owned by them. 

Read more

A permit phishing attack appears to have siphoned 1,807 liquid staked Ether from the victim’s wallet address.
An unfortunate victim who lost 1,807 liquid staked Ether (ETH), worth $6.91 million, on May 26 appears to have received a large share of the stolen funds back from scammers.“Yesterday, the old phishing group Inferno Drainer used the permit offline authorization signature to phishing away nearly US$7 million in ETH re-pledged assets from a user,” wrote Yu Xian, co-founder of blockchain analytics firm SlowMist. “Today, they actually got a refund, which is really rare.” The same day, Scam Sniffer posted on X that the victim recouped 1,445 Ether, or 80% of the stolen funds, after the scammers allegedly kept a bounty of 20%. Analysts claimed that the wallet address involved in the breach had suffered a permit phishing attack, where a malicious actor generates an authentic off-chain authorization signature for the designated recipient to transfer ERC-20 tokens from a wallet not owned by them. Read more