
Briefing

A user recently incurred a loss of $118,000 in digital assets, including $NEURAL, $MNW, $ENJ, and $USDC, after unknowingly authorizing a malicious Uniswap Permit2 transaction. This incident, reported by GoPlus Security on September 20, 2025, underscores the persistent threat of deceptive transaction signatures within the Web3 ecosystem. The attacker successfully siphoned the funds, which were subsequently traced to an Ethereum bridge address, demonstrating a critical exploitation of user trust and the Permit2 standard’s approval mechanism.


Context

The prevailing security posture in decentralized finance (DeFi) continues to contend with sophisticated social engineering tactics and malicious smart contract interactions. Prior to this event, a known class of vulnerability involved users being tricked into signing broad token approvals or transactions that, while appearing legitimate, granted attackers unfettered access to their digital assets. This attack surface is exacerbated by the complexity of transaction details often obscured from the average user, creating an environment ripe for exploitation through crafted approval requests.


Analysis

The incident’s technical mechanics involved the compromise of user assets through a malicious Uniswap Permit2 transaction signature. Instead of a direct smart contract exploit, the attacker relied on social engineering or a compromised interface to trick the user into executing a Permit2 approve or permit call. Once granted, that signature allowed the attacker to transfer the specified tokens out of the user’s wallet without any further transaction confirmations. The vector succeeds because the user cannot discern the malicious intent behind what looks like a standard token approval request, so the usual wallet prompt that would accompany each individual transfer is effectively bypassed.


Parameters

  • Protocol Affected ∞ Uniswap Permit2 Standard (User Interaction)
  • Attack Vector ∞ Malicious Transaction Signature (Phishing/Social Engineering)
  • Financial Impact ∞ $118,000
  • Assets Lost ∞ $NEURAL, $MNW, $ENJ, $USDC
  • Blockchain(s) Affected ∞ Ethereum (funds traced to bridge)
  • Reporting Entity ∞ GoPlus Security


Outlook

Immediate mitigation for users involves extreme vigilance when interacting with dApps and signing transactions, particularly those utilizing token approval standards like Permit2. Users should employ hardware wallets, thoroughly review transaction details on trusted interfaces, and consider revoking unnecessary token approvals regularly. This incident highlights the need for enhanced wallet interfaces that provide clearer, human-readable explanations of transaction effects, alongside broader user education on the risks of blind signing. Protocols should prioritize integration with security tools that simulate transaction outcomes before signing, thereby reducing the window for such deceptive attacks.
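As an added example (not code from the briefing, GoPlus or Uniswap), this is the kind of pre-signing check the Outlook calls for: it inspects a Permit2 EIP-712 request of the sort described under Analysis and flags the traits a deceptive approval tends to carry (spender outside an assumed allowlist, unlimited uint160 amount, long expiration, multi-token batch, non-canonical contract). The allowlist, the fixed timestamp and the placeholder token and spender addresses are constructed assumptions.

```javascript
// Added example, not code from the briefing, GoPlus or Uniswap: a wallet-side pre-signing
// check of a Permit2 EIP-712 request (what a dApp passes to eth_signTypedData_v4).
// Struct layout follows Permit2's IAllowanceTransfer PermitSingle / PermitBatch types.
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"; // canonical Permit2 deployment
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2's "unlimited" allowance
const THIRTY_DAYS = 30 * 24 * 3600;

// Returns human-readable findings; an empty array means nothing was flagged.
// knownSpenders: lowercase addresses the user actually intends to use (assumed allowlist).
function assessPermit2Request(typedData, knownSpenders, nowSec) {
  const findings = [];
  const { domain, primaryType, message } = typedData;
  if (domain.name !== "Permit2" || String(domain.verifyingContract).toLowerCase() !== PERMIT2) {
    findings.push("domain is not the canonical Permit2 contract");
  }
  if (primaryType !== "PermitSingle" && primaryType !== "PermitBatch") {
    findings.push(`unexpected primaryType ${primaryType}`);
    return findings;
  }
  const details = primaryType === "PermitBatch" ? message.details : [message.details];
  const spender = String(message.spender).toLowerCase();
  if (!knownSpenders.includes(spender)) findings.push(`unrecognised spender ${spender}`);
  if (BigInt(message.sigDeadline) > BigInt(nowSec + THIRTY_DAYS)) {
    findings.push("sigDeadline is more than 30 days away");
  }
  if (details.length > 1) findings.push(`one signature covers ${details.length} tokens`);
  for (const d of details) {
    if (BigInt(d.amount) === MAX_UINT160) findings.push(`unlimited allowance on ${d.token}`);
    if (Number(d.expiration) > nowSec + THIRTY_DAYS) {
      findings.push(`allowance on ${d.token} stays valid for over 30 days`);
    }
  }
  return findings;
}

// Constructed sample values (not from the incident): fixed "now", placeholder addresses.
const NOW = 1758326400;
const ROUTER = "0x" + "ab".repeat(20); // the spender the user expects to interact with
const TOKENS = ["0x" + "11".repeat(20), "0x" + "22".repeat(20)];
const DOMAIN = { name: "Permit2", chainId: 1, verifyingContract: PERMIT2 };
// Phishing-style request: batch, unlimited amounts, year-long validity, unknown spender.
const SUSPICIOUS = { domain: DOMAIN, primaryType: "PermitBatch", message: {
  details: TOKENS.map((token) => ({ token, amount: MAX_UINT160.toString(), expiration: NOW + 365 * 86400, nonce: 0 })),
  spender: "0x" + "ee".repeat(20), sigDeadline: NOW + 365 * 86400 } };
// Ordinary swap approval: one token, bounded amount, short expiry, known spender.
const BENIGN = { domain: DOMAIN, primaryType: "PermitSingle", message: {
  details: { token: TOKENS[0], amount: "1000000", expiration: NOW + 3600, nonce: 0 },
  spender: ROUTER, sigDeadline: NOW + 1800 } };
console.log(assessPermit2Request(SUSPICIOUS, [ROUTER], NOW)); // 7 findings; BENIGN yields none
```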

This incident underscores that even robust smart contract standards remain vulnerable when user interaction is compromised, emphasizing the paramount importance of user education and sophisticated transaction simulation tools in mitigating Web3’s persistent social engineering threat.

Signal Acquired from ∞ coinmarketcap.com
