Back to Blog
Permit2 Signature Phishing: New Gasless Authorization Theft Attack - Blog Article Cover
Technical Security
2026-03-27
10 min read

Permit2 Signature Phishing: New Gasless Authorization Theft Attack

Permit2 and EIP-2612 signature phishing is sweeping through the crypto community. Just one signature, no gas fees, and your tokens can be drained. Learn the attack mechanism and prevention.

#Permit2#signature phishing#gasless authorization#EIP-2612#token theft#authorization attack

What is Permit2?

Permit2 is an authorization contract developed by Uniswap that allows offline signature authorization:

  • User signs authorization (no gas needed)
  • Third party submits transaction execution (pays gas)

    • Attack Mechanism Explained

    Why It's Dangerous

    Real Attack Case

    Case 1: Fake Uniswap Frontend

    In February 2026, attackers deployed a highly realistic Uniswap phishing website:

  • Domain: uniswqp.org (note spelling error)
  • Induced "claim UNI airdrop" which was actually Permit2 authorization signature
  • 47 victims, total loss $890,000

    • How to Identify Permit2 Phishing

    Pre-Signature Checklist

    1**spender address** - If it's an unfamiliar address, stop immediately
    2**amount field** - If it shows extremely large numbers, this is unlimited authorization
    3**domain.name** - Confirm it's the official Permit2 contract

    Security Tools

  • Fire (fire.xyz) - Wallet security plugin
  • Pocket Universe (pocketuniverse.app) - Transaction preview
  • Revoke.cash - Authorization checking

    • Emergency Response If Phished

    1Use revoke.cash to revoke Permit2 authorization
    2If attacker hasn't acted yet, immediately transfer assets to new address

    ---

    Victim of Permit2 Phishing? Time is critical! Our technical team can assist with emergency revocation and tracking attacker addresses.

    [Emergency Technical Support](/contact)

    相关文章推荐

    Scam Prevention

    How to Identify Fake Exchanges? 2026 Complete Anti-Scam Guide

    Fake exchanges are the most common type of scam in the cryptocurrency space, causing hundreds of millions of dollars in losses annually. This article details 15 key signals for identifying fake exchanges, practical checking tools, and prevention strategies to help you protect your digital assets.

    2026-04-03
    阅读
    Scam Prevention

    AI Deepfake Scams Exposed: How to Spot Fake Videos and Voice Calls Stealing Your Crypto

    The most dangerous crypto scam of 2025: AI deepfake technology. Learn to identify fake video calls and cloned voices before you lose your USDT.

    2026-03-29
    阅读
    Scam Prevention

    Telegram Trading Bot Scams Surge: How to Identify Fake Trading Bots

    Telegram trading Bot scams are spreading rapidly. Scammers impersonate popular Bots like GMGN and Banana Gun to steal funds after users connect wallets. Learn to identify and prevent.

    2026-03-28
    阅读

    Need Help?

    If your crypto assets have been stolen, contact us for a free consultation.

    Telegram Consult