Headline: Ethereum approval phishing drains nearly $1M after user signs malicious request A crypto wallet was emptied of 999,999 USDT (just under $1 million) after its owner signed a malicious token approval on Ethereum, according to blockchain security firm Scam Sniffer. The attack adds to a growing wave of approval-phishing incidents that have siphoned off hundreds of millions from users this year. How the theft unfolded - On Wednesday, the victim signed a seemingly routine approval request that in fact granted attackers permission to move tokens from the wallet. - Attackers first tried to pull a rounded $1 million via multicall transactions, but that transfer failed because the wallet’s balance was slightly lower than the amount requested. - Seconds later, the attacker script recalculated the exact remaining balance and successfully drained the wallet, leaving 999,999 USDT transferred out, Scam Sniffer reported. Why approval phishing works Security researchers call approval phishing one of the most persistent social-engineering threats in crypto. When users approve ERC-20 approvals (or malicious smart contracts), they can unintentionally grant unlimited spending permission—allowing attackers or automated “sweepers” to move funds without any further signatures or confirmations. Broader picture - CertiK, a blockchain security firm, says phishing scams accounted for $723 million in losses across 248 incidents during 2025, with many of those cases involving signed token approvals. - Earlier this month another user lost about $1.65 million after connecting to a fake exchange and signing a malicious contract; researcher Ryan Coleman noted that “the approval gave attackers unlimited access, enabling an automated sweeper to drain funds.” - In a separate on-chain risk this week, a trader lost nearly $2 million when a decentralized exchange routed an Ether swap through a low-liquidity pool, enabling a same-block arbitrage to extract most of the trade’s value—an incident GoPlus Security attributed to bad routing rather than phishing. Tips to protect your wallet Scam Sniffer and other researchers recommend: - Carefully review every signature and approval request before confirming. - Avoid rushing approvals and double-check the contract address and allowance amount. - Use wallet tools, browser extensions, or on-chain scanners that detect malicious contracts or unusually large/unlimited approvals. - Revoke unused or excessive token approvals regularly. The incident is another reminder that approving transactions on-chain requires as much caution as managing private keys: a single careless signature can be all an attacker needs to empty a wallet.
Ethereum Approval Phishing Drains 999,999 USDT (~$1M)
ChainGPTShare
Ethereum news broke as a wallet was drained of 999,999 USDT (~$1M) after a malicious token approval. Scam Sniffer reported the attacker first tried a multicall transfer but failed due to low balance. Seconds later, the attacker adjusted and stole the remaining funds. Approval phishing remains a major threat. CertiK noted $723M in losses from phishing in 2025, many via approvals. Users are urged to verify contract addresses and use detection tools. Altcoins to watch may also face similar risks if users don’t stay vigilant.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.
