/Permit-Phishing

The demonstration of a fake EIP2612 signature for stealing ERC20 tokens with Permit2

Primary LanguageJavaScript

Permit-Phishing

This is the implementation of the fake signature scam that is potentially could be used by hackers to steal ERC20 tokens. Exclusivelly for my article: link (click)

This is only for educational purposes!!

Permit1

The first scam is the fake EIP2612 signature that is working with ERC20 tokens that have Permit functionality implemented in their smart-contract. Here's the full list of ERC20 tokens that could be stolen with that code: full list (click)

Permit2

This scam is created for the new Uniswap's smart-contract: Permit2 With the code you can find in permit2 folder, you can steal any ERC20 token that is approved to the Permit2 smart-contract

The implementation is really basic because it's a quick demo that I made for my article. However I think that scammers will create a much better solution in the near future.

Have any questions?

If you don't understand something about the implementation or how to run it on your own machine, go see the article or reach me out in telegram: @romanrakhlin

Hope you like this repo and my article. I would really appreciate if you leave a start on this repo!