On February 23, 2026, a significant security breach in the cryptocurrency space resulted in a user losing approximately $92,000 worth of XAUt (Tether Gold). The incident was triggered after the victim signed a malicious “#Permit” transaction. In digital asset management, a ‘Permit’ function allows a user to authorize a third-party address to interact with their tokens; in this instance, attackers exploited this mechanism to gain unauthorized access to the user’s funds.
🚨 GoPlus Security Alert
A user lost approximately $92K worth of XAUt after signing a malicious #Permit transaction.
📍 Victim address:
0x151D5F9c6892671df7bc267079Ba26733Da50023🎣 Phishing addresses:
0xAfb2423F447D3e16931164C9970B9741aAb1723E… pic.twitter.com/9ajrlag3s0— GoPlus Security 🚦 (@GoPlusSecurity) February 23, 2026
According to blockchain data, the theft occurred on February 21, 2026, at 06:05:35 PM (UTC). The victim’s wallet address, identified as 0x151D5F9c6892671df7bc267079Ba26733Da50023, was drained in two distinct stages. The first transaction involved the removal of 3.588307 XAUt (valued at approximately $18,320.53), followed by a second transfer of 14.353231 XAUt (valued at approximately $73,292.14).
The investigation has linked four primary phishing addresses to this attack, which can be tracked via Etherscan’s transaction records:
-
0xAfb2423F447D3e16931164C9970B9741aAb1723E
-
0x6eE62Ae8b3657AB1db5DE58e7410C0b77116a0B3
-
0xF06b3310486F872AB6808f6602aF65a0ef0F48f8
-
0xFD582d41fCC008FF5cbd2996043De3Ce25e7543e
The attackers utilized sophisticated phishing techniques to deceive the user into providing a digital signature, effectively bypassing direct transfer safeguards. This event serves as a stark reminder of how malicious attack exploits continue to evolve across different networks to target unsuspecting users.
In response to such incidents, GoPlus Security has emphasized a “Rule of Four” for investor safety. First, users are urged never to click on unknown or suspicious links. Second, the installation of unverified software on devices must be strictly avoided. Third, users must exercise extreme caution and thoroughly verify the details of any transaction or approval before signing. Finally, transferring funds to unverified or unknown addresses is strongly discouraged.
To mitigate the risks associated with these evolving threats, implementing real-time security monitoring has become a necessity for digital asset holders. By utilizing advanced security extensions, users can gain an automated layer of protection that identifies and intercepts suspicious transaction requests before they are executed. These tools are specifically engineered to flag high-risk approvals and prevent the signing of malicious signatures, significantly reducing the likelihood of falling victim to sophisticated phishing attempts in the decentralized landscape.
