The off-chain signature that cost $84,000
December 2024. A holder in Denver visits a "new DEX with zero fees" promoted on a Telegram alpha group. The site requests a signature labeled Permit — no transaction, no gas, no MetaMask warning. He signs.
Eleven seconds later, his 84,000 USDC balance is gone. The Permit signature gave a third-party address the right to spend his entire USDC balance, and the drainer called transferFrom the instant the signature was relayed.
Why EIP-2612 Permit is so dangerous
EIP-2612 was designed to save gas: instead of a separate approve transaction, a user can sign a message off-chain, and the spender includes that signature when calling the contract. The signature is gasless and looks harmless — MetaMask shows a structured-data prompt, not a transaction. But the effect is identical to an unlimited approval. And because nothing was broadcast on-chain when you signed, revoke.cash cannot detect the pending threat.
The four signature labels that should freeze you
Permit — EIP-2612, ERC-20 gasless approval.
PermitSingle / PermitBatch — Uniswap's Permit2 contract, even more powerful.
setApprovalForAll — NFT collection-wide approval.
0x1626ba7e (or any raw hex) — generic typed-data; the wallet cannot tell you what you are signing.
If a wallet screen shows any of these and the site is not a verified mainstream protocol you have used before, reject the signature and close the tab.
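As an added example (not code from the original article or from any wallet vendor), here is the kind of check a wallet, browser extension or support tool could run over the EIP-712 typed data behind an eth_signTypedData_v4 prompt before the user sees the word "Permit". It recognises the allowance-granting shapes named above (EIP-2612 Permit, Permit2 PermitSingle and PermitBatch), normalises them, and reports the concrete reasons to refuse: a spender you have never used, an effectively unlimited amount, or an expiry far in the future. Field names follow EIP-2612 and Uniswap Permit2; the allowlist, the "unlimited" and one-year thresholds, and every address in the sample requests are this example's own constructed placeholders, not real contracts.

```javascript
// Added example (not from the original article): pre-signature triage of the
// EIP-712 typed data behind an eth_signTypedData_v4 prompt. Field names follow
// EIP-2612 and Uniswap Permit2; the allowlist and addresses are constructed.

const MAX_UINT256 = (1n << 256n) - 1n;
const ONE_YEAR = 365n * 24n * 60n * 60n; // seconds

// Hypothetical allowlist of spenders the user has knowingly used before; a real
// wallet would derive it from the user's own transaction history.
const KNOWN_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

// Typed-data numbers arrive as decimal strings, 0x-hex strings or numbers.
const toBigInt = (v) => (typeof v === "bigint" ? v : BigInt(v));

// Normalise the three allowance-granting message shapes into one list of
// { token, spender, amount, expiry } so the same checks apply to all of them.
function extractAllowances(typedData) {
  const { primaryType, message, domain } = typedData;
  switch (primaryType) {
    case "Permit": // EIP-2612: the token is the domain's verifyingContract
      if (!message || !("spender" in message) || !("value" in message)) return [];
      return [{ token: domain && domain.verifyingContract, spender: message.spender,
                amount: message.value, expiry: message.deadline }];
    case "PermitSingle": // Permit2: one token, uint160 amount, uint48 expiration
      return [{ token: message.details.token, spender: message.spender,
                amount: message.details.amount, expiry: message.details.expiration }];
    case "PermitBatch": // Permit2: several tokens, one spender
      return message.details.map((d) => ({ token: d.token, spender: message.spender,
                                           amount: d.amount, expiry: d.expiration }));
    default:
      return []; // not an allowance grant; other checks would apply
  }
}

// Returns { verdict, findings }: "not-an-allowance", "review" (allowance to a
// known spender, bounded in amount and time) or "reject" with the reasons listed.
function assessTypedDataRequest(typedData, opts = {}) {
  const now = opts.nowSeconds !== undefined
    ? BigInt(opts.nowSeconds) : BigInt(Math.floor(Date.now() / 1000));
  const known = opts.knownSpenders || KNOWN_SPENDERS;
  const allowances = extractAllowances(typedData);
  if (allowances.length === 0) return { verdict: "not-an-allowance", findings: [] };

  const findings = [];
  allowances.forEach((a, i) => {
    const tag = `${typedData.primaryType}[${i}] token=${a.token}`;
    if (!known.has(String(a.spender).toLowerCase())) {
      findings.push(`${tag}: spender ${a.spender} is not a contract you have used before`);
    }
    const amount = toBigInt(a.amount);
    // uint256 max (EIP-2612) and uint160 max (Permit2) both dwarf any real
    // balance; anything >= 2^128 is treated as "unlimited" (example threshold).
    if (amount >= (1n << 128n)) {
      findings.push(`${tag}: amount ${amount === MAX_UINT256 ? "is uint256 max" : "is effectively unlimited"}`);
    }
    if (toBigInt(a.expiry) - now > ONE_YEAR) {
      findings.push(`${tag}: allowance stays valid for more than a year`);
    }
  });
  return { verdict: findings.length ? "reject" : "review", findings };
}

// Constructed request resembling the prompt in the article's story: EIP-2612
// Permit on a USDC-like token, unknown spender, unlimited value, deadline
// decades away. All addresses are placeholders, not real contracts.
const SAMPLE_DRAINER_PERMIT = {
  types: {
    EIP712Domain: [{ name: "name", type: "string" }, { name: "version", type: "string" },
                   { name: "chainId", type: "uint256" }, { name: "verifyingContract", type: "address" }],
    Permit: [{ name: "owner", type: "address" }, { name: "spender", type: "address" },
             { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" },
             { name: "deadline", type: "uint256" }],
  },
  primaryType: "Permit",
  domain: { name: "USD Coin", version: "2", chainId: 1,
            verifyingContract: "0x2222222222222222222222222222222222222222" },
  message: {
    owner: "0x3333333333333333333333333333333333333333",
    spender: "0x4444444444444444444444444444444444444444", // never used before
    value: MAX_UINT256.toString(),
    nonce: 0,
    deadline: "0xffffffffffff", // far beyond any sensible deadline
  },
};

// Same token, but a bounded allowance to a known spender with a 30-minute deadline.
const SAMPLE_BOUNDED_PERMIT = {
  ...SAMPLE_DRAINER_PERMIT,
  message: { ...SAMPLE_DRAINER_PERMIT.message,
             spender: "0x1111111111111111111111111111111111111111",
             value: "1000000000", // 1,000 USDC (6 decimals)
             deadline: String(1700000000 + 1800) },
};

const NOW = 1700000000; // fixed clock so the output is reproducible
console.log(assessTypedDataRequest(SAMPLE_DRAINER_PERMIT, { nowSeconds: NOW }));
console.log(assessTypedDataRequest(SAMPLE_BOUNDED_PERMIT, { nowSeconds: NOW }));
```

The first request is rejected with three findings (unknown spender, uint256-max value, multi-decade deadline); the second, to a known spender for 1,000 USDC expiring in 30 minutes, comes back as "review", which is the narrow case L10 describes as legitimate. Note what the check cannot do: it only reads the structured fields the wallet is given, so a raw hex or opaque typed-data request (the last label above) yields no allowance and falls through to the default branch, which is exactly why that label deserves the same refusal.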
The legitimate uses
Real Permit usage exists: Uniswap, 1inch, CowSwap, and several major lending protocols use Permit and Permit2 to save users gas. The defense is not "never sign Permit" — it is "only sign Permit on the URL you typed yourself, on a protocol you have used multiple times before."
If you signed and funds are still there
You have minutes, not hours. Open the same wallet, send the entire token balance to a fresh wallet you control. The Permit signature gives the attacker the right to transfer, but they cannot stop you from transferring first. Speed wins.