Section 12.2: Gasless Signatures & ERC-2612 Permit Threats

Traditional approvals require you to submit a transaction to the blockchain and pay a gas fee. To solve this friction, Ethereum introduced the **ERC-2612 Permit** standard.

### How the Permit Standard Works
Instead of submitting an on-chain transaction, you sign an offline message (using EIP-712 structured data) with your private key.
* **Gasless:** This signing costs zero gas.
* **Off-chain delegation:** You give this signed message to a third-party application, and they submit it to the chain, paying the gas fee themselves to execute your approval.

### The Attack Vector
Because permit signatures cost no gas, users often sign them without reading the prompt details.
Phishing sites leverage this: they prompt you to sign a zero-gas message to ‘verify your wallet.’ Under the hood, this signature is actually an ERC-2612 Permit that approves the scammer’s contract to empty your wallet.
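The defence against this is to read the structured data before signing it: a Permit always names a `spender`, a `value`, and a `deadline`, and a phishing prompt tends to combine an unfamiliar spender with an unlimited value and no expiry. The following is an added example (not code from the original article or from any wallet) of a pre-signing check over the EIP-712 payload, covering both the field layout described above and the attack pattern just discussed. The token, owner and spender addresses, the trusted-spender list and the timestamp are constructed placeholders.

```javascript
// Added example, not from the original article: a pre-signing check for
// EIP-712 typed-data requests that a wallet or browser extension could run.
// All addresses and the "trusted spender" list are constructed placeholders.

const MAX_UINT256 = (1n << 256n) - 1n;
const THIRTY_DAYS = 30n * 24n * 60n * 60n;

// Field layout of the ERC-2612 Permit struct, in the order the standard defines.
const PERMIT_FIELDS = [
  { name: "owner", type: "address" },
  { name: "spender", type: "address" },
  { name: "value", type: "uint256" },
  { name: "nonce", type: "uint256" },
  { name: "deadline", type: "uint256" },
];

// True when the typed-data request is a Permit with exactly the standard fields.
function isPermitRequest(typedData) {
  const fields = typedData.types && typedData.types.Permit;
  if (typedData.primaryType !== "Permit" || !Array.isArray(fields)) return false;
  if (fields.length !== PERMIT_FIELDS.length) return false;
  return fields.every(
    (f, i) => f.name === PERMIT_FIELDS[i].name && f.type === PERMIT_FIELDS[i].type
  );
}

// Review a Permit request the way a cautious user (or wallet) should:
// who receives the allowance, how much, and for how long.
function reviewPermit(typedData, { trustedSpenders, nowSeconds }) {
  const findings = [];
  if (!isPermitRequest(typedData)) return { isPermit: false, risk: "n/a", findings };

  const m = typedData.message;
  const spender = String(m.spender).toLowerCase();
  const value = BigInt(m.value);       // accepts decimal or 0x-prefixed strings
  const deadline = BigInt(m.deadline);
  const known = trustedSpenders.map((a) => a.toLowerCase());

  if (!known.includes(spender)) {
    findings.push(`spender ${m.spender} is not a contract you recognise`);
  }
  if (value === MAX_UINT256) {
    findings.push("value is 2^256-1: an unlimited allowance over this token");
  }
  if (deadline === MAX_UINT256) {
    findings.push("deadline is 2^256-1: the signature never expires");
  } else if (deadline - BigInt(nowSeconds) > THIRTY_DAYS) {
    findings.push("deadline is more than 30 days away");
  }

  return {
    isPermit: true,
    token: typedData.domain.verifyingContract, // token the allowance applies to
    risk: findings.length === 0 ? "low" : "high",
    findings,
  };
}

// Constructed sample requests. Addresses are placeholders, not real contracts.
const TOKEN = "0x1000000000000000000000000000000000000001";
const OWNER = "0x2000000000000000000000000000000000000002";
const TRUSTED_ROUTER = "0x3000000000000000000000000000000000000003";
const UNKNOWN_SPENDER = "0x4000000000000000000000000000000000000004";
const NOW_SECONDS = 1700000000; // constructed "current time" for the deadline check

function makePermit(spender, value, deadline) {
  return {
    primaryType: "Permit",
    domain: { name: "ExampleToken", version: "1", chainId: 1, verifyingContract: TOKEN },
    types: { Permit: PERMIT_FIELDS },
    message: {
      owner: OWNER,
      spender,
      value: value.toString(),
      nonce: "0",
      deadline: deadline.toString(),
    },
  };
}

// What a "verify your wallet" prompt typically hides: unknown spender,
// unlimited value, no expiry.
const PHISHING_PERMIT = makePermit(UNKNOWN_SPENDER, MAX_UINT256, MAX_UINT256);

// What a legitimate swap might ask for: a known router, the exact amount,
// valid for 30 minutes.
const BENIGN_PERMIT = makePermit(TRUSTED_ROUTER, 1000n * 10n ** 18n, BigInt(NOW_SECONDS) + 1800n);

const reviewOptions = { trustedSpenders: [TRUSTED_ROUTER], nowSeconds: NOW_SECONDS };
for (const [label, request] of [["phishing", PHISHING_PERMIT], ["benign", BENIGN_PERMIT]]) {
  console.log(label, JSON.stringify(reviewPermit(request, reviewOptions), null, 2));
}
```

The check deliberately keys on the three fields the user controls when deciding to sign. Who the trusted spenders are is an assumption supplied by the caller, so a wallet would populate that list from its own contract-label data; the point of the example is that a Permit whose spender you cannot name, or whose value or deadline is the maximum uint256, deserves a refusal regardless of what the page asking for the signature claims it is for.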