Trader lost ~$1M (999,999 USDT) after signing a malicious Uniswap Permit2 phishing message that granted attackers full wallet access; no protocol was hacked — a single bad signature caused the loss.
On July 9, 2026, a trader lost approximately $1M (999,999 USDT) after signing a malicious Uniswap Permit2 phishing message that granted attackers full wallet access. No protocol was hacked — the loss resulted from a single bad signature. Attackers retried after an initial failed $1M multicall, recalculating the exact balance 36 seconds later. A separate victim lost $196K in $VIRTUAL token via the same mechanism. Approval phishing has caused more than $1B in losses since 2021.
Stolen USDT moved from victim wallet after Permit2 approval. A separate victim lost $196K in $VIRTUAL token via the same mechanism. No recovery reported at time of writing.
N/A