Crypto VC fund-tied entity loses $36m by signing phishing permit transaction: report

An entity reportedly linked to a cryptocurrency venture capital fund has lost over $35 million in tokens due to a malicious permit transaction.

An unidentified on-chain entity has suffered a staggering loss of wrapped Ethereum (ETH) tokens valued at $36 million after inadvertently signing a malicious transaction.

In an X post on Friday, Oct. 11, blockchain monitoring account Lookonchain reported that the entity, believed to be associated with the crypto venture capital fund Continue Capital, lost 15,079 fwDETH — wrapped ETH tokens on Blast’s chain — due to a “permit” phishing signature. As of press time, Continue Capital made no public statements on the matter.

Following the news, the price of fwDETH plummeted by more than 95% in its trading pair with fwWETH before rebounding to a 40% decline. An X user under the alias @roffett_eth pointed out that the price drop led to “attacks on protocols like PAC Finance and Orbit Finance,” though the extent of these attacks remains unclear. Neither project has commented on the situation as of this writing.

Phishing attacks in the cryptocurrency sector are becoming increasingly sophisticated, often disguised as legitimate requests for user permissions. In this case, the victim appears to have fallen victim to a tactic that exploits user trust in digital signatures, underscoring the persistent risks within the crypto landscape.