A crypto user lost a total of $209,816 worth of WBTC and tBTC after signing malicious “permit” and “increaseApproval” signatures, according to Scam Sniffer. The victim, identified as 0x4a..a27f, fell prey to a phishing scam executed by addresses 0x62..D0Ca, 0x72..1A1, and 0xaF1..8094.
As per Scam Sniffer’s X thread, the victim signed “permit” and “increaseApproval” requests that let third‑party contracts access their tokens without a direct transaction. Scammers took advantage of this feature by disguising malicious requests as normal approvals.
🚨 A victim lost $209,816 worth of $WBTC and $tBTC after signing malicious "permit" and "increaseApproval" signatures. 💸 https://t.co/VPFdOMLtU3pic.twitter.com/Pls63zW1ot
— Scam Sniffer | Web3 Anti‑Scam (@realScamSniffer) October 14, 2025
“Double‑check all signature requests and never rush into signing transactions,” the thread advised. Besides individual vigilance, users must adopt tools to detect suspicious links or dApps.
Scam Sniffer’s September 2025 report shows crypto scams cost $11.78 million, slightly less than August, but the number of victims grew to 15,513. Most attacks still use fake “permit” signatures. One person even lost $6.5 million that month by signing several fraudulent requests.
New tools to fight phishing
The Security Alliance (SEAL) launched a new tool called the Verifiable Phishing Reporter to fight advanced online scams. It lets security experts see scam websites exactly as victims do, making it easier to spot real threats. The tool uses verification technology to confirm reports are genuine and prevent scammers from hiding or altering harmful content.
This incident echoes earlier large‑scale scams, like the $6 billion Bitcoin Ponzi scheme run by Qian Zhimin, where thousands of Chinese investors were defrauded. Authorities managed to seize 61,000 Bitcoin valued at $7.4 billion, but identifying the true owners has turned the recovery of the stolen cryptocurrency into a big challenge.