July 09, 2026 ChainGPT

Approval Phish Drains 999,999 USDT — Wallet Nearly Emptied After Malicious Ethereum Signature

Approval Phish Drains 999,999 USDT — Wallet Nearly Emptied After Malicious Ethereum Signature
A crypto wallet was nearly emptied after its owner signed a malicious Ethereum approval request, allowing scammers to siphon 999,999 USDT — just shy of $1 million — in a classic token-approval phishing attack, blockchain security firm Scam Sniffer reported. What happened - The victim (address 0x8c949361b49320c48a51f4b1c6f9f83862530f89) signed a deceptive approval that granted attackers permission to move the wallet’s tokens. - Attackers first attempted to pull a rounded $1 million using multicall transactions but failed because the wallet balance was slightly under that amount. - Seconds later their script recalculated and successfully drained the exact remaining balance, Scam Sniffer said — an automated “sweeper” technique common in these scams. Why this works Approval-phishing remains one of the most effective social-engineering attacks in crypto because users often unknowingly grant unlimited spending permissions while thinking they’re approving an innocent transaction. Once granted, attackers can move funds without another signature. Context and scale - Blockchain security firm CertiK reports phishing scams caused $723 million in losses across 248 incidents during 2025, with many cases following the same token-approval pattern. - This incident follows other high-profile losses this month: one wallet lost about $1.65 million after connecting to a fake exchange and signing a malicious smart contract (researcher Ryan Coleman warned an approval enabled an automated sweeper), and another trader lost nearly $2 million when a swap was routed through a low-liquidity pool, enabling a same-block arbitrage attack (GoPlus Security attributed that loss to routing, not phishing). Protection advice Scam Sniffer and other researchers recommend: - Carefully review every signature and approval request; don’t rush. - Limit allowances when approving tokens (avoid “infinite” approvals). - Revoke unused or suspicious approvals using tools like Etherscan, Revoke.cash, or wallet-specific interfaces. - Use reputable scam-detection browser extensions and wallet security features, and verify contract addresses and execution paths before signing. - Consider hardware wallets for high-value holdings and disconnect dApps after use. This latest drain underscores how simple approval missteps can lead to large, automated losses onchain. Vigilance and better approval hygiene remain the most effective defenses. Read more AI-generated news on: undefined/news