Uniswap’s Permit2 feature, introduced to simplify token approvals and save on gas fees, has become a growing attack vector in the DeFi ecosystem. A recent phishing attack resulted in a PEPE token holder losing $1.39 million worth of assets after unknowingly signing a malicious Uniswap Permit2 transaction.
The Attack
The latest victim fell prey to a sophisticated phishing scheme that exploited the vulnerabilities of Uniswap’s Permit2 function. According to cybersecurity firm ScamSniffer, the victim unknowingly signed an off-chain Permit2 signature. Which granted attackers unrestricted access to their wallet. The stolen assets, including PEPE, Microstrategy (MSTR), and Apu (APU) tokens, were transferred to a new address within an hour of the approval.
Permit2, initially designed to enhance user experience by allowing multiple token approvals in one transaction. It has been targeted by scammers who trick users into signing malicious off-chain signatures. These signatures appear harmless but authorize attackers to perform two key actions: Permit and Transfer From. This allows them to take full control of the victim’s tokens without any immediate on-chain visibility.
Why Permit2 Phishing is Dangerous
The off-chain nature of Permit2 transactions makes this type of phishing attack especially dangerous. Because users don’t see any suspicious activity on the blockchain until the tokens are already transferred. The damage is done before they even realize something is wrong.
As ScamSniffer explains, this attack exploits the default settings in Permit2. Which grant access to a user’s entire token balance unless manually limited—a step that many users fail to take. Once the scammer has the signature, they quickly transfer the stolen tokens to their own address. Leaving the victim with substantial losses.
Permit2’s Double-Edged Sword
Uniswap introduced Permit2 in 2022 with the goal of reducing transaction friction and gas fees by allowing users to approve multiple tokens in one go. While the feature has undoubtedly improved user convenience, it has also created new vulnerabilities for phishing attacks.
In a typical Permit2 phishing attack, scammers lure victims through fake decentralized application (dApp) interfaces or phishing websites, convincing them to sign what looks like a routine approval. The signature allows scammers to drain wallets with just one off-chain authorization, leaving victims with no immediate warning signs.
As phishing attacks leveraging Uniswap’s Permit2 feature become more frequent, users must be cautious when interacting with off-chain signatures. Manually setting limits on token approvals and double-checking transaction details are crucial steps in avoiding such scams. The growing number of Permit2 phishing incidents highlights the need for greater security awareness in the DeFi space.
Bitcoin 
Ethereum 
Tether 
BNB 
Solana 
USDC 
XRP 
Lido Staked Ether 
Dogecoin 
TRON