GameStop Misses Q3 Revenue Estimates as Digital Shift Pressures Growth 
Azul Airlines Wins Court Approval for $2 Billion Debt Restructuring and New Capital Raise 
JD.com Pledges 22 Billion Yuan Housing Support for Couriers as China’s Instant Retail Competition Heats Up 
Air Transat Reaches Tentative Agreement With Pilots, Avoids Strike and Restores Normal Operations 
EssilorLuxottica Bets on AI-Powered Smart Glasses as Competition Intensifies 
ANZ Faces Legal Battle as Former CEO Shayne Elliott Sues Over A$13.5 Million Bonus Dispute 
SK Hynix Considers U.S. ADR Listing to Boost Shareholder Value Amid Rising AI Chip Demand 
Evercore Reaffirms Alphabet’s Search Dominance as AI Competition Intensifies 
SpaceX Reportedly Preparing Record-Breaking IPO Targeting $1.5 Trillion Valuation 
Westpac Director Peter Nash Avoids Major Investor Backlash Amid ASX Scrutiny 
Samsung SDI Secures Major LFP Battery Supply Deal in the U.S. 
ADB Approves $400 Million Loan to Boost Ease of Doing Business in the Philippines 
Intel’s Testing of China-Linked Chipmaking Tools Raises U.S. National Security Concerns 
Microsoft Unveils Massive Global AI Investments, Prioritizing India’s Rapidly Growing Digital Market 
CVS Health Signals Strong 2026 Profit Outlook Amid Turnaround Progress 
Nvidia Develops New Location-Verification Technology for AI Chips 
Rio Tinto Signs Interim Agreement With Yinhawangka Aboriginal Group Over Pilbara Mining Operations 
A recent scam on Telegram has been identified, enabling attackers to drain victims' crypto wallets without requiring confirmation for transactions, as reported by users and evidenced by blockchain data.
This scam targets tokens compliant with the ERC-2612 standard, allowing "gas-less" transfers or transfers without Ether (ETH) held in the wallet, ADVN revealed.
Despite not necessitating user approval for transactions, the scam involves tricking users into signing a message, raising concerns as more tokens adopt this standard.
Anonymous User Lost Over $600 Worth of Open Exchange Tokens
According to Cointelegraph, it received reports from a user who allegedly lost more than $600 worth of Open Exchange (OX) tokens after falling victim to a phishing scam on what appeared to be the official Telegram group for the token's developer, OPNX.
Upon joining the group, the user was prompted to connect their wallet to verify their identity, unwittingly providing access to their funds.
"The victim claimed that he never approved a single transaction from the page, yet his funds were stolen anyway," the report added.
In addition, the scam group replicated the Collab.Land Telegram verification system, utilizing a fake version to deceive users into connecting their wallets to malicious sites.
Blockchain data also revealed that the attacker exploited the "transferFrom" function on the OX token contract, an action typically authorized through a separate "approve" transaction by the owner, which was not evident in this case.
Cyberattacker Executed Permit Function on Token Contract
The attacker executed the "Permit" function on the token contract, setting themselves as the spender and the victim's account as the owner, ultimately draining the funds without the traditional approval process.
This exploit highlights a new feature of specific token contracts under the ERC-2612 standard, facilitating transactions without requiring ETH in the wallet.
However, scammers exploit this feature to deceive users into relinquishing their funds by signing messages granting attackers access.
"[It] can be used to change an account's ERC20 allowance (see IERC20.allowance) by presenting a message signed by the account. By not relying on IERC20.approve, the token holder account doesn't need to send a transaction, and thus is not required to hold Ether at all," Web3 developer OpenZeppelin claimed.
Photo: RDNE Stock Project/Pexels
