- Crypto whale lost $35 million in fwDETH on the Blast network due to a phishing authorization attack
- The attacker drained 15,079 fwDETH, driving the token price from $2,000 down to $100
- The incident raised fresh security concerns in DeFi and prompted scrutiny of the Blast network
Recently, a crypto whale lost approximately $35 million worth of Few Wrapped Duo ETH (fwDETH) in a large-scale phishing attack on the Blast network. The incident was first spotted by Scam Sniffer and later corroborated by security firms PeckShield and BlockSec. The exploit occurred after the victim unknowingly signed a fake “permit” message, which allowed the attacker to drain funds from the victim’s wallet.
What is Few Wrapped Duo ETH (fwDETH)?
Few Wrapped Duo ETH, or fwDETH, is a wrapped version of Duo ETH (DETH), a derivative of Ethereum (ETH) issued by Duo, a decentralized finance (DeFi) protocol operating on the Blast network. The stolen holdings consisted of 15,079 fwDETH, representing a major loss for the whale whose wallet address has been identified as 0xEab2E…a393.
How was the phishing attack on Blast executed?
Security analysts report that the phishing attack relied on tricking the whale into signing an offline “permit” message. Such signed permits are commonly used in DeFi to authorize token transfers without directly exposing a private key. According to Yajin (Andy) Zhou, cofounder of BlockSec, the attacker exploited the signed permit to siphon fwDETH from the victim’s account. The immediate impact extended beyond the single whale: the price of DETH dropped sharply and triggered broader market reactions on the Blast network.
Within hours of the exploit, the market saw a dramatic sell-off. DETH’s price plunged by more than 38%, falling from $3,482 to $2,150 as the attacker liquidated the stolen tokens. Similarly, the price of fwDETH plummeted by over 90%, from around $2,000 to roughly $100, before partially recovering to about $1,000. The rapid depreciation sent shockwaves through the Blast ecosystem and the wider crypto community.
This phishing incident highlights the persistent security risks faced by crypto investors, particularly those holding significant digital asset positions. It underscores the importance of careful permit management, vigilant signature verification, and robust user education to prevent social-engineering attacks. In light of the exploit, both the Blast network and related protocols can expect intensified scrutiny from security auditors, users, and the broader DeFi community as stakeholders push for improved safeguards and mitigations against similar attack vectors.