Got stolen after signing a message? Those who have used Uniswap, please be careful! Let Beosin demystify Permit2 phishing

This article is completed by Bocai Bocai (twitter@wzxznl), independent researcher, and Sivan, Beosin security researcher.

Hackers scare everyone in the Web3 ecosystem. For crypto projects, they are afraid of writing a wrong line of code when developing because of the open-source nature of Web3. Once a security incident occurs, the consequences will be difficult to bear.

Personally, every on-chain interaction or signature that you make has the potential to have your assets stolen if you don’t understand what you’re doing. Therefore, security issues have always been one of the most troublesome issues in Web3. Due to the characteristics of the blockchain, once assets are stolen, there is almost no way to recover them so it is especially important for users to have security knowledge.

Bocai Bocai discovered a new phishing method that has been active in the past two months. As long as you sign a message, your assets are stolen, which is extremely hidden and difficult to prevent. Addresses that have interacted with Uniswap may be exposed to risk. In this article, Bocai and Beosin will analyze this signature phishing and try to help everyone avoid asset losses.
Read the full story: