A Comprehensive Analysis of Web3 Signature Phishing: From Authorization Traps to Permit2 Risks


Analysis of Web3 Signature Phishing Techniques: From Authorization to Permit2

Recently, "signature phishing" has become one of the attack methods most favored by Web3 hackers. Although security researchers and wallet vendors keep publishing educational material about it, many users still fall into the trap every day. One main reason is that most users do not understand the logic underlying wallet interactions, and the learning curve is steep.

To help more people understand this issue, this article explains the underlying logic of Web3 signature phishing in plain language, especially for readers who are not familiar with the technology.

Plain Explanation of the Underlying Logic of Web3 Signature Phishing: Authorization Phishing, Differences between Permit and Permit2

First, we need to understand that there are mainly two kinds of operations when using a wallet: "signing" and "interacting". In simple terms, signing happens off the blockchain (off-chain) and does not require paying Gas fees, whereas interacting happens on the blockchain (on-chain) and does require paying Gas fees.

Signatures are usually used for authentication, such as logging into a wallet or connecting to a DApp. This process does not affect the blockchain, so there is no need to pay fees. Interaction, on the other hand, involves actual on-chain operations, such as token swaps on a DEX, which require payment of Gas fees.

After understanding the difference between signatures and interactions, let's take a look at several common phishing methods:

  1. Authorization phishing: This is a classic phishing technique. Hackers build a counterfeit website to lure users into granting an authorization. When users click a button such as "Claim airdrop", they are actually authorizing the hacker's address to operate their tokens. Although this method requires the victim to pay Gas fees, users still fall for it.

  2. Permit signature phishing: Permit is an extension of the ERC-20 standard that allows users to authorize others to operate their tokens by means of a signature instead of an on-chain transaction. Hackers exploit this mechanism by luring users into signing a seemingly harmless message, which is actually a "note" authorizing the hacker to transfer the user's assets.

  3. Permit2 signature phishing: Permit2 is a feature launched by a certain DEX, aimed at simplifying the user's operation flow. However, if a user has previously granted the Permit2 contract an unlimited authorization, a single phished signature is enough for hackers to exploit that existing authorization.


To prevent these phishing attacks, users can take the following measures:

  1. Enhance security awareness and carefully check every wallet operation.
  2. Separate large amounts of funds from the wallet used for daily transactions to reduce potential losses.
  3. Learn to recognize the signature formats of Permit and Permit2, and be vigilant about signatures that contain information such as the address of the authorizer, the address of the authorized party, and the authorization amount.
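As an added illustration of the third measure (and of the three phishing variants described above), not code from the original article: a small JavaScript inspector, written the way a wallet or browser extension might, that takes the raw JSON-RPC request a DApp sends to the wallet (an `eth_sendTransaction` carrying ERC-20 `approve` calldata, or an `eth_signTypedData_v4` carrying an ERC-2612 `Permit` or a Permit2 `PermitSingle`/`PermitBatch`) and prints exactly the fields the article tells users to read: who the spender is, how much is granted, and for how long. The token and spender addresses, the trusted-spender list, the Permit2 domain address and the fixed clock value are all constructed placeholders.

```javascript
// Added example (not from the original article): a wallet-side inspector that
// classifies a DApp request as an ERC-20 approve(), an ERC-2612 Permit or a
// Permit2 PermitSingle/PermitBatch and lists what the user should read first.
// All addresses, the trusted-spender list and the clock value are constructed.
const APPROVE_SELECTOR = "0x095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n; // ERC-20 allowance / ERC-2612 value width
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 amount width
const THIRTY_DAYS = 30n * 86400n;
const TRUSTED_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]); // placeholder router

// approve(address,uint256) calldata = 4-byte selector + two 32-byte ABI words;
// the address is right-aligned (12 zero bytes of padding) inside its word.
function decodeApprove(data) {
  const hex = String(data).toLowerCase();
  if (!hex.startsWith(APPROVE_SELECTOR) || hex.length !== 138) return null;
  return { spender: "0x" + hex.slice(34, 74), amount: BigInt("0x" + hex.slice(74, 138)) };
}

// Warnings for one grant. "Effectively unlimited" is deliberately a half-range
// heuristic: a value just under the type maximum is as dangerous as the maximum.
function assessGrant({ spender, amount, deadline, maxAmount, now }) {
  const warnings = [];
  if (!TRUSTED_SPENDERS.has(String(spender).toLowerCase())) warnings.push("unknown spender " + spender);
  if (amount >= maxAmount / 2n) warnings.push("effectively unlimited amount");
  if (deadline !== undefined && BigInt(deadline) > BigInt(now) + THIRTY_DAYS) {
    warnings.push("deadline more than 30 days away");
  }
  return warnings;
}

// Inspect a JSON-RPC request as the wallet receives it. `now` is a unix
// timestamp passed in explicitly so that results are reproducible.
function inspectRequest(req, now = Math.floor(Date.now() / 1000)) {
  if (req.method === "eth_sendTransaction") {
    const tx = req.params[0];
    const call = decodeApprove(tx.data || "0x");
    if (!call) return { kind: "other-transaction", warnings: [] };
    return { kind: "erc20-approve", token: tx.to,
             warnings: assessGrant({ ...call, maxAmount: MAX_UINT256, now }) };
  }
  if (req.method !== "eth_signTypedData_v4") return { kind: "unknown", warnings: [] };
  const raw = req.params[1];
  const typed = typeof raw === "string" ? JSON.parse(raw) : raw; // wallets usually get a JSON string
  const m = typed.message;
  if (typed.primaryType === "Permit") { // ERC-2612: owner, spender, value, nonce, deadline
    return { kind: "erc2612-permit", token: typed.domain.verifyingContract,
             warnings: assessGrant({ spender: m.spender, amount: BigInt(m.value),
                                     deadline: m.deadline, maxAmount: MAX_UINT256, now }) };
  }
  if (typed.primaryType === "PermitSingle" || typed.primaryType === "PermitBatch") {
    // Permit2: details {token, amount, expiration, nonce} (one or many), spender, sigDeadline
    const details = Array.isArray(m.details) ? m.details : [m.details];
    const warnings = details.flatMap((d) =>
      assessGrant({ spender: m.spender, amount: BigInt(d.amount), deadline: d.expiration,
                    maxAmount: MAX_UINT160, now }).map((w) => d.token + ": " + w));
    if (BigInt(m.sigDeadline) > BigInt(now) + THIRTY_DAYS) warnings.push("sigDeadline more than 30 days away");
    return { kind: "permit2-" + typed.primaryType.toLowerCase(), warnings };
  }
  return { kind: "other-typed-data", warnings: [] };
}

// ---- constructed samples ----
const NOW = 1700000000; // fixed clock
const OWNER = "0x4444444444444444444444444444444444444444"; // placeholder user wallet
const TOKEN = "0x2222222222222222222222222222222222222222"; // placeholder token
const UNVETTED = "0x9999999999999999999999999999999999999999"; // spender the user has never heard of

// A "Claim airdrop" button that actually sends approve(UNVETTED, 2^256-1)
const approveReq = { method: "eth_sendTransaction", params: [{
  to: TOKEN, data: APPROVE_SELECTOR + "0".repeat(24) + UNVETTED.slice(2) + "f".repeat(64) }] };

// Permit2 PermitSingle: unknown spender, maximum amount, expiry ten years out
const permit2Req = { method: "eth_signTypedData_v4", params: [OWNER, JSON.stringify({
  primaryType: "PermitSingle",
  domain: { name: "Permit2", chainId: 1, verifyingContract: "0x3333333333333333333333333333333333333333" },
  message: { details: { token: TOKEN, amount: MAX_UINT160.toString(),
                        expiration: String(NOW + 10 * 365 * 86400), nonce: 0 },
             spender: UNVETTED, sigDeadline: String(NOW + 1800) } })] };

// Benign ERC-2612 Permit: trusted spender, bounded amount, ten-minute deadline
const benignPermitReq = { method: "eth_signTypedData_v4", params: [OWNER, {
  primaryType: "Permit", domain: { name: "Token", chainId: 1, verifyingContract: TOKEN },
  message: { owner: OWNER, spender: "0x1111111111111111111111111111111111111111",
             value: "1000000000000000000", nonce: 0, deadline: String(NOW + 600) } }] };

for (const req of [approveReq, permit2Req, benignPermitReq]) console.log(inspectRequest(req, NOW));
```

Run with `node`, the inspector reports two warnings for the disguised `approve` (unknown spender, effectively unlimited amount), three for the Permit2 request (one per field the article names: spender, amount, expiry) and none for the bounded, short-lived Permit to a trusted spender. The point is that all three variants carry the same three fields in different wrappers; a wallet prompt that surfaces them, rather than the raw hex, is what makes the third measure practical for a non-technical user.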

In general, the essence of signature phishing is to induce users to sign a "note" that allows someone else to operate their assets. Understanding these attack principles and staying vigilant is crucial for protecting one's digital assets.

AirdropBlackHolevip
· 6h ago
Is the newbie still getting fleeced?
BearMarketHustlervip
· 6h ago
Another big package for playing people for suckers.
ForkTroopervip
· 6h ago
There are really many suckers waiting to be played for suckers.
MonkeySeeMonkeyDovip
· 6h ago
Don't be fooled, sign calmly.
DefiOldTrickstervip
· 6h ago
I played this trap before. To be honest, it's not as good as opening a naked position with a strong mindset.
GateUser-40edb63bvip
· 6h ago
There are still a few suckers that haven't been played for suckers.
BlockDetectivevip
· 6h ago
I don't even dare to sign after seeing it.