On March 20, security monitoring revealed that a 0x9709 address signed malicious Permit and Approve requests, leading to approximately $200,000 worth of USDC and wmtUSDT being stolen. This incident highlights the inherent risks of on-chain authorization.
Understanding On-Chain Authorization Risks
Permit and Approve requests allow smart contracts to operate on user assets. However, signing a malicious request can immediately compromise funds. Attackers often craft fraudulent contracts to trick users into authorizing them, then swiftly transfer the assets to addresses they control.
Common Attack Techniques
In this case, the attacker used sophisticated malicious requests to induce user approval. The authorized funds were then split across multiple transactions, complicating tracking. Such attacks are prevalent not only on ERC-20 tokens but also across stablecoins and DeFi platforms.
How KYT Detects Abnormal Authorizations
KYT (Know Your Transaction) systems use real-time on-chain analysis and address behavior monitoring to detect suspicious authorization patterns. The system provides risk scoring, flags high-risk contracts, and issues alerts before potential loss occurs.
Trustformer KYT offers multi-chain monitoring and dynamic risk assessment, enabling users to identify malicious authorization requests early and mitigate potential asset theft.
Enhancing On-Chain Transaction Security
Users should always verify contract addresses and transaction details before signing any on-chain authorization. Coupling this with a KYT monitoring system allows continuous surveillance and rapid detection of abnormal activity.
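One way to perform that pre-signing check, as an added example rather than code from this article or from Trustformer KYT: it decodes an ERC-20 `approve(address,uint256)` call or an EIP-2612 `Permit` typed-data request and lists the reasons not to sign. The function names, the spender allowlist, the two thresholds and the sample addresses are assumptions made for illustration.

```python
APPROVE_SELECTOR = "095ea7b3"      # selector of ERC-20 approve(address,uint256)
UNLIMITED = 2**255                 # assumption: amounts this large count as "unlimited"
MAX_DEADLINE_WINDOW = 3600         # assumption: policy limit for Permit validity, seconds


def decode_request(request):
    """Return (kind, spender, amount, deadline) or raise ValueError."""
    if "data" in request:  # on-chain transaction carrying approve() calldata
        data = request["data"].lower()
        data = data[2:] if data.startswith("0x") else data
        if data[:8] != APPROVE_SELECTOR or len(data) != 8 + 64 + 64:
            raise ValueError("not a well-formed approve() call")
        if int(data[8:32], 16) != 0:  # upper 12 bytes of the address word
            raise ValueError("address word has non-zero padding")
        return "approve", "0x" + data[32:72], int(data[72:], 16), None
    typed = request["typed_data"]  # EIP-712 payload shown by the wallet
    if typed.get("primaryType") != "Permit":
        raise ValueError("not an EIP-2612 Permit request")
    msg = typed["message"]
    # A Permit is an off-chain signature: no transaction from the owner is
    # needed for the allowance to take effect once it is submitted.
    return ("permit", msg["spender"].lower(),
            int(str(msg["value"]), 0), int(str(msg["deadline"]), 0))


def review(request, trusted_spenders, now):
    """List the reasons this authorization should not be signed as-is."""
    kind, spender, amount, deadline = decode_request(request)
    findings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        findings.append("spender not in allowlist")
    if amount >= UNLIMITED:
        findings.append("unlimited allowance")
    if deadline is not None and deadline - now > MAX_DEADLINE_WINDOW:
        findings.append("permit deadline too far out")
    return kind, spender, amount, findings


# Constructed sample inputs (addresses are placeholders, not from the incident).
TRUSTED = ["0x" + "11" * 20]
UNKNOWN = "0x" + "ab" * 20
BAD_APPROVE = {"data": "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32}
OK_APPROVE = {"data": "0x095ea7b3" + "00" * 12 + "11" * 20 + format(50_000_000, "064x")}
BAD_PERMIT = {"typed_data": {"primaryType": "Permit", "message": {
    "owner": "0x" + "22" * 20, "spender": UNKNOWN,
    "value": str(2**256 - 1), "nonce": 0, "deadline": str(2**256 - 1)}}}

if __name__ == "__main__":
    for req in (BAD_APPROVE, OK_APPROVE, BAD_PERMIT):
        print(review(req, TRUSTED, now=1_700_000_000))
```

An empty findings list means only that these three checks passed; the token contract address in the transaction or the typed-data domain still has to be verified separately.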
Conclusion
This incident demonstrates the high risks associated with on-chain authorizations. Leveraging Trustformer KYT for real-time transaction monitoring and risk analysis empowers both institutions and individuals to enhance digital asset security and prevent losses from malicious operations.