{"schema":"immunity/antibody-envelope/v1","keccakId":"0x3c57e20d9b3588e26f6f2ada3eccde30886d103ed5792ca2ee24c642d9b106eb","immId":"","abType":"SEMANTIC","flavor":1,"publisher":"0xd467b8269d9f6c856e91c1df12898b9d0f874ef4","createdAt":"2026-04-30T03:44:43.493Z","reasonSummary":"The email exhibits classic phishing + permit-signature exploit mechanics: false urgency (24h deadline), impersonated refund authority, and a request to sign a permit without revealing the actual transaction data. The proposed tx encodes an ERC20 transfer to an unfamiliar address (0x39D4...), strongly indicating token theft disguised as a refund. The social engineering combines authority (refund framing) and time pressure to bypass user scrutiny.","matcher":{"kind":"semantic","flavor":"MANIPULATION","markerHint":"sign this permit so we can refund you faster"}}