In the first half of 2024 alone, over 260,000 users lost a staggering $314 million to phishing attacks on EVM-compatible blockchains. Shockingly, twenty individuals each lost more than $1 million, with one user suffering an $11 million loss—the second-largest theft of its kind in history.
These attacks often exploit seemingly harmless actions like signing transaction approvals. Common methods include malicious Permit, IncreaseAllowance, and Uniswap Permit2 signatures. Major thefts frequently involve staking, restaking, Aave collateral, and Pendle tokens. Many victims are tricked via fake comments on social media platforms like X (formerly Twitter), leading them to phishing sites disguised as legitimate services.
As the entry point for many users’ crypto transactions, Web3 wallets carry a significant responsibility for security. OKX Web3 Wallet has recently upgraded its risk interception system to tackle these high-frequency phishing scenarios. This article breaks down its four key protection features and explains how they keep you safe.
1. Blocking Malicious EOA Account Authorization
Many recent high-value thefts have involved users unknowingly authorizing malicious Externally Owned Accounts (EOAs). For example:
- On June 26, a user lost $217,000 after signing multiple phishing signatures on a fake Blast website.
- On July 3, a victim lost 6 BAYC NFTs and 40 Beans tokens (worth over $1 million) in a phishing attack.
- On July 24, a Pendle user lost $4.69 million in PENDLEPT restaking tokens due to multiple Permit signatures.
An EOA is an account controlled by a private key, unlike a smart contract account. Typically, users only approve smart contracts—not individual EOA addresses—to interact with their tokens. Common approval methods include:
- Approve: A standard ERC-20 method that authorizes a smart contract to spend a specific amount of tokens on your behalf. If you approve a malicious contract, it can immediately transfer your tokens.
- Permit: Allows token spending via off-chain signatures rather than on-chain transactions. Attackers often trick users into signing a Permit message on a phishing site.
- Permit2: A Uniswap innovation that enables gas-less approvals. If you’ve granted unlimited approvals on Uniswap, you could be vulnerable to Permit2 phishing.
Since Permit and Permit2 are off-chain signatures, the authorization isn’t visible in the user’s transaction history, only in the phisher’s wallet.
How OKX Web3 Wallet Intercepts These Threats
OKX Web3 Wallet pre-scans every transaction before signing. If it detects an attempt to authorize an EOA address, it immediately alerts the user and blocks the request, preventing potential asset loss.
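A pre-sign check of this kind can be sketched as follows. This is an added example, not OKX's code: it decodes ERC-20 approve/increaseAllowance calldata and EIP-2612 Permit typed data, then blocks when the spender has no contract code. The `getCode` callback (standing in for an `eth_getCode` lookup), the helper names and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example: pre-sign screen for token approvals whose spender is an EOA.
// getCode stands in for an eth_getCode RPC lookup (assumption); all data is constructed.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
};

// Decode spender and amount from ERC-20 approve / increaseAllowance calldata.
function decodeApproval(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const method = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!method || hex.length !== 8 + 128) return null; // other call, or malformed
  const spenderWord = hex.slice(8, 72);
  if (!/^0{24}/.test(spenderWord)) return null; // address word must be left-padded
  return { method, spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// Pull the spender out of an EIP-2612 Permit typed-data signing request.
function decodePermit(typedData) {
  if (!typedData || typedData.primaryType !== "Permit") return null;
  const { spender, value } = typedData.message;
  return { method: "Permit signature", spender: spender.toLowerCase(), amount: BigInt(value) };
}

// Block any non-zero allowance granted to an address that has no contract code.
function screenRequest(request, getCode) {
  const decoded = request.calldata
    ? decodeApproval(request.calldata)
    : decodePermit(request.typedData);
  if (!decoded) return { action: "allow", reason: "not a recognised token approval" };
  const code = getCode(decoded.spender);
  const isEoa = code === "0x" || code === "";
  if (isEoa && decoded.amount > 0n) {
    return { action: "block", reason: `${decoded.method} authorizes an EOA`, ...decoded };
  }
  return { action: "allow", reason: "spender has code or allowance is zero", ...decoded };
}

// Constructed sample data: one contract spender, one EOA spender.
const SAMPLE_CONTRACT = "0x" + "c0".repeat(20);
const SAMPLE_EOA = "0x" + "e0".repeat(20);
const sampleGetCode = (addr) => (addr === SAMPLE_CONTRACT ? "0x6080604052" : "0x");
const sampleApprove = (spender) =>
  "0x095ea7b3" + spender.slice(2).padStart(64, "0") + "f".repeat(64);

console.log(screenRequest({ calldata: sampleApprove(SAMPLE_EOA) }, sampleGetCode).action);
console.log(screenRequest({ calldata: sampleApprove(SAMPLE_CONTRACT) }, sampleGetCode).action);
```

A spender that has code is not thereby safe; this check covers only the EOA case described in this section.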
2. Preventing Malicious Changes to Account Ownership
Some blockchains like TRON and Solana use an “owner-based” permission model. If a user signs a malicious transaction, they could lose control of their account entirely.
On TRON, for example, there are three permission levels:
- Owner: Has full control, including the ability to modify other permissions.
- Witness: Used for voting and consensus-related actions.
- Active: Designed for daily operations like transfers and staking.
If a hacker obtains your private key or seed phrase, they can:
- Assign themselves Owner or Active permissions, creating a multi-signature setup where your transactions require their approval.
- Or, directly transfer your Owner/Active permissions to their address.
In both cases, you lose control of your assets—even if you still hold the private keys.
How OKX Web3 Wallet Intercepts These Threats
OKX Web3 Wallet scans for transactions that attempt to change account permissions. Because of the severe risk, it doesn’t just warn—it fully blocks such requests to prevent signing.
3. Detecting Malicious Changes to Transfer Addresses
Insecure or poorly designed smart contracts can be manipulated to redirect fund transfers to attacker-controlled addresses.
A notable example occurred on March 5, when several users lost funds after signing a queueWithdrawal transaction related to EigenLayer. Attackers exploited a function in the EigenLayer Strategy Manager contract, tricking users into approving withdrawals that sent staking rewards to the attacker’s address.
To avoid detection, attackers used the CREATE2 opcode to generate temporary addresses, making the transactions appear benign to many security tools.
How OKX Web3 Wallet Intercepts These Threats
OKX monitors transactions calling functions like queueWithdrawal. If a user is interacting with an unofficial site and the withdrawal address isn’t their own, the wallet triggers a mandatory warning and requires explicit user confirmation before proceeding.
4. Identifying and Flagging Similar Address Fraud
“Address poisoning” involves attackers generating addresses that look nearly identical to a user’s common contacts. They send a tiny, meaningless transaction to the victim so the fake address appears in their history. Later, when the user copies what they believe is a legitimate address, they accidentally send funds to the scammer.
A well-known case on May 3 saw a whale lose 1,155 WBTC (worth around $70 million) this way. The attacker used an address matching the first four and last six characters (excluding ‘0x’) of the victim’s target address.
How OKX Web3 Wallet Intercepts These Threats
OKX continuously monitors on-chain activity. If a large transfer is quickly followed by a small, unsolicited transaction from a similar-looking address, the system flags that address as suspicious. Future interactions with that address are blocked, and the wallet clearly marks it in the transaction history. This feature is currently live on eight supported blockchains.
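The heuristic described above can be expressed as a short history scan. This is an added example, not OKX's implementation: it flags an inbound dust transfer that arrives soon after a large outbound transfer when the sender shares the recipient's first four and last six hex characters. The time window, dust ratio, function names and sample history are assumptions constructed for illustration.

```javascript
// Added example: flag look-alike ("poisoned") addresses in a transfer history.
// Thresholds and the sample history are assumptions constructed for illustration.
const PREFIX_CHARS = 4, SUFFIX_CHARS = 6; // hex chars compared, excluding "0x"
const WINDOW_SECONDS = 3600;              // how soon the dust must follow (assumed)
const DUST_RATIO = 0.001;                 // inbound <= 0.1% of outbound is dust (assumed)

const body = (addr) => addr.toLowerCase().replace(/^0x/, "");

// True when two distinct addresses share the same leading and trailing characters.
function looksAlike(a, b) {
  const x = body(a), y = body(b);
  return x !== y &&
    x.slice(0, PREFIX_CHARS) === y.slice(0, PREFIX_CHARS) &&
    x.slice(-SUFFIX_CHARS) === y.slice(-SUFFIX_CHARS);
}

// history: [{ time, direction: "out" | "in", counterparty, value }], sorted by time.
function findPoisonedAddresses(history) {
  const flagged = new Set();
  const outbound = [];
  for (const tx of history) {
    if (tx.direction === "out") { outbound.push(tx); continue; }
    for (const out of outbound) {
      const soon = tx.time - out.time <= WINDOW_SECONDS;
      const dust = tx.value <= out.value * DUST_RATIO;
      if (soon && dust && looksAlike(tx.counterparty, out.counterparty)) {
        flagged.add(body(tx.counterparty));
      }
    }
  }
  return flagged;
}

// Gate a later outgoing transfer against the flagged set.
const checkRecipient = (to, flagged) => (flagged.has(body(to)) ? "block" : "allow");

// Constructed sample: a real recipient, a look-alike sender, an unrelated sender.
const LEGIT = "0x" + "d9a1" + "b".repeat(30) + "91c7e5";
const FAKE = "0x" + "d9a1" + "c".repeat(30) + "91c7e5";
const OTHER = "0x" + "1".repeat(40);
const SAMPLE_HISTORY = [
  { time: 1000, direction: "out", counterparty: LEGIT, value: 50000 },
  { time: 1200, direction: "in", counterparty: FAKE, value: 0 },
  { time: 1300, direction: "in", counterparty: OTHER, value: 0.01 },
];
console.log([...findPoisonedAddresses(SAMPLE_HISTORY)]);
```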
Frequently Asked Questions
What is the most common type of crypto phishing attack?
The most common attacks involve tricking users into signing malicious transactions like Permit, Approve, or IncreaseAllowance, which give attackers permission to withdraw tokens from the victim's wallet. These often happen on fake websites promoted via social media.
How can I check my current token approvals?
You can use token approval revoke tools available on many blockchain explorers or security sites. These tools show all the contracts you’ve approved and allow you to revoke any that are unnecessary or suspicious. Always use reputable platforms for this.
What should I do immediately if I suspect I’ve approved a malicious contract?
First, revoke the approval using a trusted revoke tool. Then, move your remaining assets to a new wallet address if possible. Avoid interacting further with the suspicious dApp or website.
Why are off-chain signatures like Permit so dangerous?
Because they don’t require an on-chain transaction or gas fee, victims often don’t realize they’ve approved anything. The approval is hidden and only executed when the attacker submits it, making it harder to detect and revoke in time.
How does OKX detect similar address fraud?
The wallet monitors transaction patterns. If a small, unsolicited transfer from a new address occurs right after a large outgoing transaction, and the addresses look similar, OKX flags the new address as potentially malicious and warns you during future interactions.
Are hardware wallets safe from these attacks?
A hardware wallet adds security by requiring physical confirmation for transactions. However, if you manually sign a malicious permit or approval, even a hardware wallet cannot reverse it. Always verify what you are signing, regardless of wallet type.
Conclusion
The first half of 2024 has seen a rise in sophisticated phishing attacks, including airdrop scams and compromised official accounts. While opportunities abound in crypto, users must prioritize security. Understanding common threats—like malicious approvals, ownership changes, address poisoning, and contract exploits—is the first line of defense.
Using a wallet with advanced risk detection, like OKX Web3 Wallet, significantly reduces these risks. Stay vigilant, double-check addresses and contracts, and explore advanced security tools to protect your digital assets effectively.
Disclaimer: This article is for informational purposes only. It does not offer investment advice or recommend buying, selling, or holding any assets. Always conduct your own research and consult with a professional before making financial decisions. Digital asset investments are high-risk and can be highly volatile.