HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

Trader loses $1M in Ethereum phishing token approval scam

Created at 9 Jul · 6:06 AM1 source↑ Market-relevant
IN SHORT

A cryptocurrency user lost nearly $1 million in USDT after signing a malicious token approval on the Ethereum network. This incident highlights the persistent threat of phishing scams in the crypto space, with scammers exploiting approval features to drain wallets.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

$1Mtrader loss in phishing scam
999,999 USDTexact amount stolen
$366 millionphishing losses in H1 2025
$723 milliontotal phishing losses in 2025
248phishing incidents in 2025
$14 billiontotal onchain scam revenue in 2025
$1.65 millionloss in a similar incident

Who's Involved

Scam Sniffer
alerted to the phishing scam and its mechanics
CertiK
reported phishing loss statistics for 2025
Ryan Coleman
researcher commenting on a similar incident
Chainalysis
reported on total onchain scam revenue and tactics
Renato Bastos
senior investigator at Chainalysis
MetaMask
launched live address poisoning detection

↳ Why This Matters

This incident underscores the ongoing and substantial financial risks associated with phishing and social engineering attacks in the cryptocurrency space, highlighting the need for enhanced user vigilance and security tools.

Key facts

  • A crypto user lost nearly $1 million in USDT due to a phishing token approval scam on Ethereum.
  • Scammers were able to drain the exact remaining balance after an initial failed attempt.
  • Phishing token approval scams trick users into granting malicious actors access to their wallets.
  • Onchain scams, including phishing, reportedly netted at least $14 billion in 2025.
  • MetaMask has introduced a feature to detect address poisoning attacks.

A cryptocurrency trader lost nearly $1 million in USDT on Wednesday after falling victim to a phishing token approval scam on the Ethereum network. The scam involved tricking the user into signing a malicious contract that granted attackers access to their wallet.

According to Scam Sniffer, the scammers initially attempted to drain approximately $1 million but were unsuccessful due to insufficient funds. However, they managed to extract the exact remaining balance of 999,999 USDT in subsequent transactions. This tactic exploits the trust users place in approval features, where a seemingly minor task can lead to the complete draining of a wallet.

Phishing remains a significant threat in the crypto industry. CertiK reported that phishing losses totaled $723 million across 248 incidents in 2025. Blockchain security firm Chainalysis noted that onchain scams, including investment scams where phishing plays a role, generated at least $14 billion in 2025. Scammers often reuse wallets, legitimate contract features, and cash-out routes, indicating a wider network of illicit activity.

In a similar incident earlier this month, a wallet holder reportedly lost $1.65 million after connecting to a fake exchange and signing a malicious contract. Researchers highlighted that such approvals can give attackers unlimited access, enabling automated fund sweeping. To combat these threats, Scam Sniffer advises users to meticulously check all signature requests, avoid rushed transactions, and utilize scam detection tools. Address poisoning, where scammers create similar-looking wallet addresses to trick users into sending funds to the wrong destination, is another attack vector. In response, popular wallet MetaMask has implemented live address poisoning detection.

Frequently asked questions

The trader lost 999,999 USDT, which is approximately $1 million.

It is a scam where malicious actors trick users into signing a transaction that grants them permission to access and drain funds from the user's cryptocurrency wallet.

Onchain scams reportedly generated at least $14 billion in 2025, with phishing being a significant attack vector.

Address poisoning is an attack where scammers create wallet addresses that closely resemble legitimate ones and send small amounts of crypto (dust) to trick users into sending funds to the scammer's address.

What Happens Next

01Users are advised to double-check all signature requests before approving.
02Users should avoid rushed transactions and utilize scam detection extensions.
03MetaMask's address poisoning detection tool will continue to compare pasted addresses with previously interacted ones.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

A crypto user lost 999,999 USDT in a phishing token approval scam on Ethereum.
Scammers initially attempted to drain $1 million but failed due to insufficient funds.
The attackers succeeded in draining the exact remaining balance in subsequent transfers.
Phishing losses totaled $723 million across 248 incidents in 2025, according to CertiK.
Onchain scams reportedly pulled in at least $14 billion in 2025, according to Chainalysis.
MetaMask launched live address poisoning detection in June.

Sources

T1
Trader loses $1M after signing phishing token approvalOnchain scammers netted more than $14 billion last year, and approval phishing remains a primary attack vector.Cointelegraph

Related Stories

AI accelerates crypto audit risks, researchers warn
9 Jul · 5:55 AM
Stablecoin-settled TradFi perpetuals top $1.1T in H1 2026: Binance Research
8 Jul · 5:35 PM
Trader Turns $85 Into $2 Million on Robinhood Chain Meme Coin
8 Jul · 5:06 PM
Mark Cuban-backed DeFi dashboard Zapper shutters after 7 years
9 Jul · 2:40 AM
ESMA to scrutinize crypto custody providers' operational resilience
8 Jul · 11:05 AM