Key facts
- A crypto user lost nearly $1 million in USDT due to a phishing token approval scam on Ethereum.
- Scammers were able to drain the exact remaining balance after an initial failed attempt.
- Phishing token approval scams trick users into granting malicious actors access to their wallets.
- Onchain scams, including phishing, reportedly netted at least $14 billion in 2025.
- MetaMask has introduced a feature to detect address poisoning attacks.
A cryptocurrency trader lost nearly $1 million in USDT on Wednesday after falling victim to a phishing token approval scam on the Ethereum network. The scam involved tricking the user into signing a malicious contract that granted attackers access to their wallet.
According to Scam Sniffer, the scammers initially attempted to drain approximately $1 million but were unsuccessful due to insufficient funds. However, they managed to extract the exact remaining balance of 999,999 USDT in subsequent transactions. This tactic exploits the trust users place in approval features, where a seemingly minor task can lead to the complete draining of a wallet.
Phishing remains a significant threat in the crypto industry. CertiK reported that phishing losses totaled $723 million across 248 incidents in 2025. Blockchain security firm Chainalysis noted that onchain scams, including investment scams where phishing plays a role, generated at least $14 billion in 2025. Scammers often reuse wallets, legitimate contract features, and cash-out routes, indicating a wider network of illicit activity.
In a similar incident earlier this month, a wallet holder reportedly lost $1.65 million after connecting to a fake exchange and signing a malicious contract. Researchers highlighted that such approvals can give attackers unlimited access, enabling automated fund sweeping. To combat these threats, Scam Sniffer advises users to meticulously check all signature requests, avoid rushed transactions, and utilize scam detection tools. Address poisoning, where scammers create similar-looking wallet addresses to trick users into sending funds to the wrong destination, is another attack vector. In response, popular wallet MetaMask has implemented live address poisoning detection.