A recent phishing attack on the Blast network resulted in a crypto whale losing around $35 million in Few Wrapped Duo ETH (fwDETH) tokens. The incident was initially reported by Scam Sniffer and later confirmed by security firms PeckShield and BlockSec. The victim inadvertently signed a fraudulent “permit” signature, which allowed the attacker to access and drain funds from their wallet.
fwDETH is a wrapped version of Duo ETH (DETH), a derivative of Ethereum (ETH) created by the decentralized finance (DeFi) protocol Duo on the Blast network. The whale, identified by the wallet address 0xEab2E…a393, lost a total of 15,079 fwDETH tokens.
Experts explained that the phishing scheme involved deceiving the whale into signing an offline permit message, a common practice in DeFi for authorizing token transfers without revealing private keys. Once signed, the attacker exploited this permit to steal the fwDETH tokens.
The repercussions of the attack were swift, with the price of DETH plummeting over 38% from $3,482 to $2,150 as the attacker liquidated the stolen assets. Similarly, the price of fwDETH dropped more than 90%, falling from $2,000 to $100 before partially recovering to $1,000.
This sharp decline sent shockwaves through the Blast network and the wider crypto community, highlighting the ongoing security challenges faced by crypto investors, particularly those with substantial holdings. As a result, the Blast network and its protocols may now be under increased scrutiny.