Crypto User Loses $908,551 in 458-Day Phishing Attack

Generated by AI Agent Coin World
Saturday, Aug 2, 2025 9:32 pm ET

Summary

- A crypto user lost $908,551 after a 458-day phishing attack exploited an old ERC-20 approval transaction.

- The scammer waited until the victim deposited $908,551 in USDC before draining the wallet on August 2, 2024.

- The attack highlights the risks of unrevoked token approvals, urging users to monitor permissions and use security tools like Etherscan’s Token Approval Checker.

- Such delayed phishing attacks are growing, with over $142M stolen in July alone, underscoring the need for improved security practices in crypto.

A cryptocurrency user recently lost $908,551 in a sophisticated phishing attack that exploited a long-standing approval transaction. On April 30, 2024, the victim unknowingly signed an ERC-20 approval transaction—likely through a phishing site or fake airdrop—that granted ongoing access to their wallet [1]. This malicious approval remained unnoticed for 458 days until the scammer, linked to the pink-drainer.eth wallet address, executed the theft on August 2 at 4:57am UTC, draining $908,551 worth of USDC [2].

The attack was not immediate. For months, the compromised wallet held little value and showed minimal activity. However, on July 2, the victim deposited $762,397 into the affected wallet from a MetaMask address, and shortly afterward, an additional $146,154 in USDC was transferred from a Kraken wallet [1]. This influx of funds likely prompted the scammer to act, executing the theft in a single, well-timed transaction.

This type of delayed attack is a hallmark of phishing approval scams. Rather than acting immediately, attackers wait for the victim’s wallet to accumulate significant value before draining it. This strategy minimizes their risk and maximizes their reward [2]. The victim's oversight in not reviewing or revoking the old approval left the wallet vulnerable, emphasizing the critical need for users to regularly monitor and manage token permissions.

Such incidents highlight a broader issue in the crypto space—users often neglect the long-term implications of seemingly minor transaction confirmations. In this case, the attacker did not need the victim’s private keys to execute the theft. Instead, they exploited a permission granted during a routine transaction, demonstrating how even small oversights can lead to major financial losses [1].

Ethereum users can mitigate these risks by using tools like Etherscan’s Token Approval Checker to review and revoke unnecessary approvals. However, it is important to note that each revocation requires a gas fee, which may deter some users from maintaining their security settings [2]. As phishing attacks become increasingly sophisticated, security remains a shared responsibility between platform developers and individual users.
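The review step described above can also be done directly against a wallet's event history. The following is an added example, not code from the article or its sources: it replays ERC-20 `Approval` logs and lists grants that were never revoked. All addresses, amounts, block numbers and the time of day are constructed, and the `timestamp` field is assumed to have been joined in from block headers.

```python
from datetime import datetime, timezone

# keccak256("Approval(address,address,uint256)"): topic0 of every ERC-20 Approval log
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, now, max_age_days=90):
    """Replay Approval logs in chain order and return the owner's non-zero grants.
    Logs record the granted value only; confirm what is left with allowance()."""
    latest = {}  # (token, spender) -> (amount, granted_at)
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (the ERC-721 one has 4 topics)
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = (int(log["data"], 16), log["timestamp"])
    findings = []
    for (token, spender), (amount, ts) in latest.items():
        if amount == 0:
            continue  # a later approve(spender, 0) revoked this grant
        age = (now - datetime.fromtimestamp(ts, timezone.utc)).days
        findings.append({"token": token, "spender": spender, "age_days": age,
                         "unlimited": amount == UNLIMITED, "stale": age > max_age_days})
    return sorted(findings, key=lambda f: -f["age_days"])

# Constructed sample data: placeholder addresses, not taken from the incident.
def _log(block, token, owner, spender, amount, when):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"), "timestamp": int(when.timestamp())}

OWNER, UNKNOWN_SPENDER, DEX, TOKEN = ("0x" + b * 20 for b in ("11", "dd", "ee", "c0"))
SAMPLE_LOGS = [
    _log(100, TOKEN, OWNER, UNKNOWN_SPENDER, UNLIMITED, datetime(2024, 4, 30, 12, tzinfo=timezone.utc)),
    _log(200, TOKEN, OWNER, DEX, 500, datetime(2025, 6, 1, tzinfo=timezone.utc)),
    _log(300, TOKEN, OWNER, DEX, 0, datetime(2025, 6, 2, tzinfo=timezone.utc)),  # revoked
]
NOW = datetime(2025, 8, 2, 4, 57, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in outstanding_approvals(SAMPLE_LOGS, OWNER, NOW):
        print(finding)
```

On the sample data only the old, never-revoked grant is reported; the approval that was later set to zero is not.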

The attack also reflects a growing trend in the crypto ecosystem. In July alone, over $142 million was stolen across at least 17 separate attacks, with one of the most notable incidents involving the exploitation of crypto exchange CoinDCX [1]. These figures underscore the need for continuous education and improved security practices within the digital asset space.

The victim’s loss serves as a cautionary tale for crypto users globally. As the adoption of blockchain-based assets increases, so does the complexity and frequency of cyber threats. Proactive measures—such as using hardware wallets, enabling multi-factor authentication, and staying informed about transaction approvals—are essential in safeguarding digital assets against evolving risks.

Source:

[1] Cointelegraph, Crypto victim loses $908K in sophisticated phishing attack

https://cointelegraph.com/news/crypto-victim-loses-908k-in-sophisticated-phishing-attack

[2] Coinfomania, $908K Stolen in Phishing Tied to 458-Day-Old Wallet

https://coinfomania.com/908k-stolen-in-phishing-tied-to-458-day-old-wallet-approval/
