Currencies38131
Market Cap$ 2.28T+2.02%
24h Spot Volume$ 27.13B-18.1%
DominanceBTC56.40%+0.40%ETH9.48%+0.59%
ETH Gas0.11 Gwei
Cryptorank
/

Crypto User Loses $999,999 in USDT to One Phishing Signature: How to Stay Safe

Crypto User Loses $999,999 in USDT to One Phishing Signature: How to Stay Safe

Share:

AI Overview

An Ethereum phishing attack drained $999,999 in USDT after a user signed a fraudulent token approval, with attackers using Multicall to move and split funds across blocks 25489460 and 25489463 into three transactions. The case underscores persistent DeFi token-approval phishing and unlimited-allowance risks—reportedly tied to a 200% jump in phishing losses this year—and prompts security advice to verify signatures, check contract addresses and regularly revoke approvals.

Bearish

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

In Brief

  • A crypto user lost $999,999 in USDT to an Ethereum phishing attack.
  • Ethereum blocks 25489460 and 25489463 recorded the fund-splitting transactions.
  • Scam Sniffer says attackers used Multicall to exploit unlimited allowances.

An unidentified crypto user lost $999,999 in USDT to an Ethereum phishing attack after signing a fraudulent token approval request.

On-chain records show the attackers split the stolen funds into three transactions. The transfers landed inside Ethereum blocks 25489460 and 25489463 within minutes of the signature.

Token approval phishing remains one of the most persistent threats in decentralized finance. Attackers do not need a victim’s private keys to steal funds. Instead, they trick users into signing a request that grants a contract broad access to a token. The approval then stays active until someone revokes it.

Inside the Ethereum Phishing Attack

This pattern has hit crypto users repeatedly through 2026. The victim’s wallet held an unlimited allowance for the token, which gave the attacker room to act without any further confirmation. In May, a fake Uniswap phishing site drained roughly $400,000 from several wallets after visitors approved a malicious contract. A fake airdrop approval scam hit a HyperSwap user in a similar fashion this month. The scam drained his wallet within seconds of a single click.

Scam Sniffer. Source: X

Multicall Functions Sped Up the Theft

In this case, the attacker used Multicall functions to bundle several actions into one transaction. This structure lets the attacker move the approved USDT in seconds. The funds are then split into three separate outputs almost immediately.

In turn, that speed narrowed the victim’s window to revoke the approval. The wallet’s private keys stayed untouched throughout the attack. As a result, standard wallet alerts rarely flag this kind of exploit.

The method echoes tactics behind recent wallet address poisoning scams, where attackers exploit transaction structure rather than credential theft. Scam Sniffer also tied a 200 percent jump in phishing losses this year to a shift toward high-value wallets.

Security Analysts Urge Signature Caution

Following the theft, Scam Sniffer analysts renewed calls for crypto users to verify every signature request before confirming it. The firm recommends checking the exact contract address and permission scope that a wallet displays. Users should avoid approving requests by default. Revoking unused or unlimited approvals on a regular basis remains one of the simplest defenses against this attack type.

The incident also echoes a MetaMask phishing campaign uncovered in January, which used fake two-factor prompts to bypass user suspicion entirely. Wallet providers keep adding protections. Still, analysts note that no interface change fully replaces a careful read of what a signature actually authorizes.

The gap between one signature and a drained wallet keeps narrowing for Ethereum users as phishing tactics grow more automated.

Read the article at BeInCrypto
Read the article at BeInCrypto

In This News

Coins

$ 1.80K

+2.63%

$ 0.99917

+0.01%

$ 3.60

+7.12%

Funds

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Coins

$ 1.80K

+2.63%

$ 0.99917

+0.01%

$ 3.60

+7.12%

Funds

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Global INTERPOL Crackdown Exposes Crypto Laundering Behind Romance Scams

Global INTERPOL Crackdown Exposes Crypto Laundering Behind Romance Scams

In Brief Thai police uncovered a $122M crypto wallet laundering romance scam money. ...
52% of Investors Bought STRC and SATA Below $100 Par, Survey Finds

52% of Investors Bought STRC and SATA Below $100 Par, Survey Finds

In Brief Over half of surveyed investors bought STRC or SATA after prices fell below...