July 09, 2026 ChainGPT

Approval Phishing Drains 999,999 USDT (~$1M) After User Signs Malicious Request

Approval Phishing Drains 999,999 USDT (~$1M) After User Signs Malicious Request
Headline: Ethereum approval phishing drains nearly $1M after user signs malicious request A crypto wallet was emptied of 999,999 USDT (just under $1 million) after its owner signed a malicious token approval on Ethereum, according to blockchain security firm Scam Sniffer. The attack adds to a growing wave of approval-phishing incidents that have siphoned off hundreds of millions from users this year. How the theft unfolded - On Wednesday, the victim signed a seemingly routine approval request that in fact granted attackers permission to move tokens from the wallet. - Attackers first tried to pull a rounded $1 million via multicall transactions, but that transfer failed because the wallet’s balance was slightly lower than the amount requested. - Seconds later, the attacker script recalculated the exact remaining balance and successfully drained the wallet, leaving 999,999 USDT transferred out, Scam Sniffer reported. Why approval phishing works Security researchers call approval phishing one of the most persistent social-engineering threats in crypto. When users approve ERC-20 approvals (or malicious smart contracts), they can unintentionally grant unlimited spending permission—allowing attackers or automated “sweepers” to move funds without any further signatures or confirmations. Broader picture - CertiK, a blockchain security firm, says phishing scams accounted for $723 million in losses across 248 incidents during 2025, with many of those cases involving signed token approvals. - Earlier this month another user lost about $1.65 million after connecting to a fake exchange and signing a malicious contract; researcher Ryan Coleman noted that “the approval gave attackers unlimited access, enabling an automated sweeper to drain funds.” - In a separate on-chain risk this week, a trader lost nearly $2 million when a decentralized exchange routed an Ether swap through a low-liquidity pool, enabling a same-block arbitrage to extract most of the trade’s value—an incident GoPlus Security attributed to bad routing rather than phishing. Tips to protect your wallet Scam Sniffer and other researchers recommend: - Carefully review every signature and approval request before confirming. - Avoid rushing approvals and double-check the contract address and allowance amount. - Use wallet tools, browser extensions, or on-chain scanners that detect malicious contracts or unusually large/unlimited approvals. - Revoke unused or excessive token approvals regularly. The incident is another reminder that approving transactions on-chain requires as much caution as managing private keys: a single careless signature can be all an attacker needs to empty a wallet. Read more AI-generated news on: undefined/news