Crypto victim loses $908K in sophisticated phishing attack
A crypto user lost $908,551 to a wallet-draining scam 458 days after unknowingly signing a malicious approval transaction, onchain data shows.
The attack originated from an ERC-20 approval transaction — likely signed via a phishing site or fake airdrop — that gave the scammer’s wallet, “0x67E5Ae,” ongoing permission to access the victim’s funds.
The scammer — linked to the notorious pink-drainer.eth wallet address — executed the theft on Aug. 2 at 4:57am UTC, stealing $908,551 worth of the USDC (USDC) stablecoin, Scam Sniffer pointed out on X. The theft came 458 days after the victim signed the phishing approval transaction on April 30, 2024.
The security incident prompted Scam Sniffer to remind crypto users to “regularly review and revoke old approvals,” or else, hard-earned funds may be at risk.
“Your wallet security matters,” it added.
The scammer’s patience paid off
Until a month ago, the victim’s compromised wallet had seen minimal transaction activity and held little value — giving the attacker no incentive to act.
That changed on July 2, when the victim deposited $762,397 into the tainted wallet address, “0x6c0eB6,” from a MetaMask wallet at 8:41pm UTC.
Ten minutes later, another $146,154 in USDC was transferred into the same wallet from a Kraken wallet.
Related: $3.5B Bitcoin heist from 2020 retroactively uncovered — Arkham Intel
The scammer likely monitored the wallet over the next month, waiting to see if more funds would flow into it before deciding to drain the funds in a single transaction on Aug. 2.
This delayed strike is a defining trait of phishing approval attacks: scammers wait around for months, striking only when the victim’s wallet balance makes it worthwhile.
Tools already exist to prevent these attacks
To help prevent such attacks, Ethereum users can use Etherscan’s Token Approval Checker to review and revoke unnecessary token approvals — though each revocation requires a gas fee.
Bad actors and scammers stole over $142 million from the crypto space in July across at least 17 separate attacks, with the exploit of crypto exchange CoinDCX accounting for the most significant loss.
Magazine: Inside a 30,000 phone bot farm stealing crypto airdrops from real users
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitcoin May Face "The Last Drop": The Real Scenario of Liquidity Squeeze Is Unfolding
Bitcoin may be in the "final drop" stage of this correction. At the intersection where fiscal spending resumes and the next interest rate cut cycle begins, a new liquidity cycle will also be restarted.
Galaxy Research Report: What Is Driving the Rise of the Doomsday Vehicle Zcash?
Regardless of whether ZEC’s price strength can be sustained, this round of market rotation has successfully forced the market to reassess the value of privacy.
Asian stock markets plunge with circuit breakers triggered; Korea hits circuit breaker during trading, Nikkei falls below the 50,000 mark
Wall Street warns: This is just the beginning, and the panic triggered by the bursting of the AI bubble has only just started.
Only 0.2% of traders can exit at the bull market peak: The art of "smart exits" in the crypto cycle
Trending news
MoreCrypto prices
More
