#What Happened to the Trader's Wallet?
Recently, one trader faced a staggering loss of about $1 million after being caught in a phishing attack that exploited Uniswap's Permit2 feature. This incident did not involve a hack of the protocol or a zero-day exploit. Instead, it resulted from the trader signing a document that they should have avoided.
#How Does a Single Signature Lead to Wallet Drainage?
Permit2 is a token approval contract created by Uniswap. This feature allows users to streamline token permissions across various decentralized applications. Instead of individually approving each token transaction, users can sign a singular off-chain message that covers multiple tokens simultaneously.
In this recent attack, the trader was deceived into signing a Permit2 message that granted a malicious contract access to their wallet. There were no prompts for confirmation or warnings. The funds were swiftly transferred without a trace.
Another victim lost approximately $196,000 in a separate incident involving the same phishing technique, where the method remained consistent: a single erroneous signature led to a total financial loss.
#What Does This Mean for the Industry?
Onchain scams presented a concerning landscape, with Chainalysis reporting losses of at least $14 billion due to crypto fraud in 2025, a rise from $12 billion the previous year. According to CertiK’s data, phishing and social engineering accounted for $370 million in crypto losses just in January 2026. Notably, one incident that month alone contributed to $284 million of that total.
Approval phishing schemes have steadily gained momentum since 2021, accumulating over $1 billion in reported losses due to this specific method. Despite a drop in losses tied to wallet drainers to about $84 million in 2025—a noteworthy 83% decline—this decline indicates that specific interventions are making progress. Unfortunately, approval phishing operates independently of the same countermeasures.
In April 2026, Operation Atlantic managed to freeze approximately $12 million associated with these approval phishing schemes.
#How Does Permit2 Increase Vulnerability?
Permit2 alters the landscape of token approvals. Traditional ERC-20 approvals necessitate an on-chain transaction for each token across various protocols. Permit2 simplifies this by allowing a single signed message, meaning that one compromised signature could jeopardize an entire portfolio.
Phishing sites increasingly mimic legitimate DeFi interfaces, airdrop claim pages, and NFT minting portals. They are designed to present a seemingly authentic Permit2 signature request to unsuspecting users.
#What Should Investors Do to Protect Themselves?
Investors should utilize wallet revocation tools such as Revoke.cash, which allow for the auditing and cancellation of ongoing token approvals, including those granted via Permit2. Regular checks for revocation, especially after engaging with unfamiliar protocols or sites, can mitigate risks associated with future mistakes.
It is crucial to verify the contract addresses before signing any authorization, as phishing sites often look identical to legitimate ones. The truth resides in the contract address shown in the approval prompts.
For an added layer of security, hardware wallets offer physical confirmations that aren't available with software wallets. However, if a user mistakenly signs a malicious Permit2 request from an unsafe site, it won't fully protect them.