Beware of malicious permission traps: Users are phished and 12 LBTC are stolen, with losses exceeding one million USD

GasWrangler · 2026-01-03T13:40:10+00:00

On-chain security monitoring platform detects an attack involving contract interaction. A user lost 12 Aave Ethereum LBTC tokens due to mistakenly signing a phishing contract, resulting in a loss of approximately $1.08 million. The attacker quickly exchanged and laundered the funds. Users are reminded to stay vigilant against unfamiliar authorization requests.

GasWrangler

2026-01-03 13:40:10

Abstract generation in progress

【CryptoWorld】On-Chain Security Monitoring Platform recently detected a serious smart contract interaction attack. A user, while interacting with a phishing contract, inadvertently signed a malicious transaction disguised as a normal “permission” approval, resulting in the theft of 12 Aave Ethereum LBTC(aEthLBTC) from the account, with total losses of approximately $1.08 million.

According to security team analysis, this phishing group’s method is not a complex mainstream scheme within the industry, but their execution is quite swift—after stealing the funds, they immediately exchanged them for ETH, then used the privacy mixing tool Tornado Cash to launder the funds, attempting to cut off on-chain traceability. This “quick swap → mixing” escape routine is becoming increasingly common.

A reminder to everyone: always think carefully before signing contract permissions, especially for unfamiliar authorization requests. Make sure to check which contract you are interacting with and whether the permission amount is abnormal. These details are often the line of defense.

ETH1,84%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

21 Likes

Reward
21
5
Repost
Share

Comment

0/400

BearMarketSurvivor

· 01-05 23:42

It's another licensing trap, and $1,080,000 is gone just like that. What was this guy thinking? He didn't even read what he was signing before taking action. On the battlefield, the biggest loss isn't losing to the enemy, but losing to one's own greed. The old saying "think twice before acting" has been around for hundreds of years, yet some people still don't listen.

View OriginalReply0

BrokeBeans

· 01-04 18:57

It's another licensing trap, these scammers are really incredible. Signing permissions can cost you 1.08 million; I just want to know what this guy is thinking. Despite daily reminders, some people still walk into the trap; how can we save them? Tornado Cash is back, and the mixing tricks are so common now. I think we need to study what phishing websites look like, so we don't get scammed again. You really need to read the licensing limits carefully; otherwise, you'll lose everything with just one sign. This team isn't very sophisticated; they just cash out quickly, but it does work. 12 LBTC, how long will it take to break even... When interacting with contracts, keep your eyes open; otherwise, you'll be the next one to get scammed.

View OriginalReply0

TokenomicsTherapist

· 01-03 14:10

It's another licensing trap; losing 1.08 million is really frightening. Not reading carefully before signing will eventually lead to losses. The Tornado mixing method is truly hard to defend against. Every day someone gets phished; when will they learn? It's only their own fault for approving without waiting two seconds. This low-level tactic is actually the easiest to succeed with, ironic. 12 LBTC just disappeared like that; I don't even know what to say. The defense is in the details, but many people just can't see it.

View OriginalReply0

LightningAllInHero

· 01-03 14:08

It's another permit trap; this move is getting more and more ruthless. Just signing a permit and it's gone; you really need to be more careful. 1.08 million directly wasted; this guy must be crying his eyes out. Tornado's escape process is becoming more and more proficient; it's hard to defend against. Why are so many people jumping into phishing contracts?

View OriginalReply0

SmartContractPlumber

· 01-03 14:00

There are still people who have been caught in this low-level fishing technique, which is really a sigh. The key is that the awareness of authority control is too poor, and if you don't do an audit and sign directly, you deserve to be cut.

View OriginalReply0