Back to Blog
Permit2 Signature Phishing: New Gasless Authorization Theft Attack - Blog Article Cover
Technical Security
2026-03-27
10 min read

Permit2 Signature Phishing: New Gasless Authorization Theft Attack

Permit2 and EIP-2612 signature phishing is sweeping through the crypto community. Just one signature, no gas fees, and your tokens can be drained. Learn the attack mechanism and prevention.

#Permit2#signature phishing#gasless authorization#EIP-2612#token theft#authorization attack

What is Permit2?

Permit2 is an authorization contract developed by Uniswap that allows offline signature authorization:

  • User signs authorization (no gas needed)
  • Third party submits transaction execution (pays gas)

    • Attack Mechanism Explained

    Why It's Dangerous

    Real Attack Case

    Case 1: Fake Uniswap Frontend

    In February 2026, attackers deployed a highly realistic Uniswap phishing website:

  • Domain: uniswqp.org (note spelling error)
  • Induced "claim UNI airdrop" which was actually Permit2 authorization signature
  • 47 victims, total loss $890,000

    • How to Identify Permit2 Phishing

    Pre-Signature Checklist

    1**spender address** - If it's an unfamiliar address, stop immediately
    2**amount field** - If it shows extremely large numbers, this is unlimited authorization
    3**domain.name** - Confirm it's the official Permit2 contract

    Security Tools

  • Fire (fire.xyz) - Wallet security plugin
  • Pocket Universe (pocketuniverse.app) - Transaction preview
  • Revoke.cash - Authorization checking

    • Emergency Response If Phished

    1Use revoke.cash to revoke Permit2 authorization
    2If attacker hasn't acted yet, immediately transfer assets to new address

    ---

    Victim of Permit2 Phishing? Time is critical! Our technical team can assist with emergency revocation and tracking attacker addresses.

    [Emergency Technical Support](/contact)

    相关文章推荐

    Scam Prevention

    AI Deepfake Scams Exposed: How to Spot Fake Videos and Voice Calls Stealing Your Crypto

    The most dangerous crypto scam of 2025: AI deepfake technology. Learn to identify fake video calls and cloned voices before you lose your USDT.

    2026-03-29
    阅读
    Scam Prevention

    Telegram Trading Bot Scams Surge: How to Identify Fake Trading Bots

    Telegram trading Bot scams are spreading rapidly. Scammers impersonate popular Bots like GMGN and Banana Gun to steal funds after users connect wallets. Learn to identify and prevent.

    2026-03-28
    阅读
    Web3 Security

    AI-Generated Scams Rampant in Web3: How to Identify Fake Customer Service

    AI technology is being exploited by scammers to generate convincing fake customer service agents and phishing websites. Learn to identify the latest AI-generated scam tactics.

    2026-03-16
    阅读

    Need Help?

    If your crypto assets have been stolen, contact us for a free consultation.

    Telegram Consult