What is a Permit2 signature scam?
Someone told me 'never sign Permit2 on unknown sites' but didn't explain why. What does Permit2 actually do?
1 Answer
Permit2 is a Uniswap-built standard that lets dApps request token approvals via a signed message rather than an on-chain transaction. Gas-efficient, very convenient, and a gift to phishers.
The problem: a Permit2 signature can grant unlimited spending of a specific token to a specific address for a long expiry. From the wallet UI, it looks like an innocuous off-chain signature with no warning. Once you sign, the recipient can drain that token at any moment.
Safe practice: never sign a Permit or Permit2 message on a site you don't fully trust. If your wallet shows 'PermitSingle' or 'PermitBatch' on an unfamiliar dApp — reject and disconnect. Some wallets (Rabby, Frame) display these in a more readable form than MetaMask; that alone is a reason to use them when interacting with new dApps.
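Added example, not part of the answer above: a check that a wallet front end or a reviewer could run over an EIP-712 signing request to show in plain terms what a 'PermitSingle' or 'PermitBatch' message grants. The message field names follow Uniswap's Permit2 typed-data structs; the function name `reviewPermit2Request`, the one-day threshold, and the sample addresses are assumptions made for illustration.

```javascript
// Added example (not from the original answer). Field names follow Uniswap's
// Permit2 structs; reviewPermit2Request and the threshold are hypothetical.
const MAX_UINT160 = (1n << 160n) - 1n;   // Permit2 allowance amounts are uint160
const LONG_EXPIRY_SECONDS = 24 * 60 * 60; // assumption: more than a day is "long"

function reviewPermit2Request(typedData, nowSeconds) {
  const { primaryType, message } = typedData;
  if (primaryType !== "PermitSingle" && primaryType !== "PermitBatch") {
    return { isPermit2Approval: false, findings: [] };
  }
  // PermitSingle carries one details object, PermitBatch an array of them.
  const detailsList = Array.isArray(message.details)
    ? message.details
    : [message.details];
  const findings = detailsList.map((d) => {
    const lifetime = Number(d.expiration) - nowSeconds;
    return {
      token: d.token,
      spender: message.spender,
      unlimited: BigInt(d.amount) === MAX_UINT160,
      longExpiry: lifetime > LONG_EXPIRY_SECONDS,
      expiresInDays: Math.floor(lifetime / 86400),
    };
  });
  return { isPermit2Approval: true, findings };
}

// Constructed sample request; addresses are placeholders, not real contracts.
const NOW = 1735689600;
const sampleRequest = {
  primaryType: "PermitSingle",
  message: {
    details: {
      token: "0x1111111111111111111111111111111111111111",
      amount: MAX_UINT160.toString(),
      expiration: String(NOW + 365 * 86400),
      nonce: "0",
    },
    spender: "0x2222222222222222222222222222222222222222",
    sigDeadline: String(NOW + 1800),
  },
};

console.log(reviewPermit2Request(sampleRequest, NOW).findings);
```

A finding with both `unlimited` and `longExpiry` set is the pattern the answer warns about: the named spender can move that token at any time until the expiration.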
