Crypto user clicks "approve," approves a $999,999 goodbye 👋
A crypto wallet holder lost 999,999 USDt (USDT) on Wednesday after signing a phishing token approval on Ethereum, according to onchain data flagged by Scam Sniffer on Thursday. The attackers initially attempted to drain a rounded $1 million through multicalls but failed due to insufficient funds, then succeeded seconds later by pulling the exact remaining balance in follow-up transfers. "The script recalculated and pulled the exact remaining balance," Scam Sniffer said. Etherscan records show the funds were extracted in three transactions.
Social engineering through phishing token approvals has become a common crypto scam tactic, in which a victim believes clicking "approve" will initiate a minor task, while the malicious link instead grants the attacker permission to drain funds from the wallet. Scam Sniffer advised crypto users to double-check all signature requests before approving, avoid rushed transactions and use tools such as scam detection extensions.
The incident adds to a sharp rise in industry-wide losses. Phishing losses totaled $723 million across 248 incidents in 2025, according to CertiK, while Scam Sniffer recorded $366 million in phishing losses in the first half of the year. Earlier this month, a separate wallet holder reportedly lost $1.65 million after connecting to a fake exchange and signing a malicious contract. "The approval gave attackers unlimited access, enabling an automated sweeper to drain funds," researcher Ryan Coleman said on Friday.
Blockchain security firm Chainalysis reported in June that onchain scams pulled in at least $14 billion in 2025, with investment scams remaining the dominant category. "Scammers reuse the same wallets, legitimate approval features from contracts, and cash-out routes across victims, which means each report exposes a wider network," said Renato Bastos, a senior investigator at Chainalysis. France has separately said it will strengthen its response as crypto wrench attacks have reached 77 incidents.
Address poisoning remains a parallel threat alongside approval phishing, with scammers creating look-alike wallet addresses and sending tiny "dust" transfers so users mistakenly send funds to the wrong destination. Popular Ethereum wallet MetaMask launched live address poisoning detection in June, a tool that compares each pasted address with addresses the wallet has previously interacted with.
Mentioned Coins
Share Article
Quick Info
Disclaimer: This content is for information and entertainment purposes only. It does not constitute financial, investment, legal, or tax advice. Always do your own research and consult with qualified professionals before making any financial decisions.
See our Terms of Service, Privacy Policy, and Editorial Policy.