A cryptocurrency investor lost $3 million in USDt after unknowingly signing a malicious blockchain transaction, underscoring the growing threat of digital asset phishing scams.
The entire sum was drained in a single click after the investor failed to verify the contract address before authorizing the transaction.
“Someone fell victim to a phishing attack, signed a malicious transfer, and lost 3.05M $USDT,” blockchain analytics platform Lookonchain reported in a post on X Wednesday. “Stay alert, stay safe. One wrong click can drain your wallet. Never sign a transaction you don’t fully understand.”
Crypto phishing attacks rely on social engineering tactics, where attackers distribute deceptive links to trick victims into revealing sensitive data—such as private keys to their crypto wallets.
In this case, like many investors, the victim likely confirmed the wallet address by checking only the first and last few characters, a common but risky practice. The critical differences—hidden in the middle—often go unnoticed, especially as some platforms truncate addresses for visual clarity.
Emphasizing the urgent need for greater investor caution, another incident emerged on Sunday: a victim lost over $900,000 in digital assets to a sophisticated phishing scam. According to reports, the attack exploited a malicious approval transaction signed unknowingly 458 days earlier, allowing scammers to eventually drain the wallet.
These losses are minor compared to the staggering $71 million stolen in a wallet poisoning scam in May 2024. In a surprising twist, the scammer returned the full amount just two weeks later, reportedly succumbing to mounting pressure from global blockchain investigators who had traced a potential IP address linked to the attacker in Hong Kong.
Crypto phishing attacks emerge as top security threat of 2024
Hackers are increasingly targeting human behavior rather than technical vulnerabilities, finding it easier to exploit psychology than breach well-secured protocols.
Phishing emerged as the most damaging attack vector in the crypto space in 2024, with attackers stealing over $1 billion in digital assets across 296 incidents, according to CertiK’s annual Web3 security report.
Among these nearly 300 phishing attacks, at least three led to losses exceeding $100 million each.
“Phishing was the most costly attack vector last year,” a CertiK spokesperson told Cointelegraph. “Our figures are conservative—the real number is likely higher when factoring in unreported cases and other forms of phishing, such as pig butchering scams.”
In response to the rising threat, Binance—the world’s largest crypto exchange—introduced a countermeasure against address poisoning scams. According to a May 2024 report by Cointelegraph, Binance’s security team launched an algorithm that successfully identified nearly 15 million poisoned wallet addresses.
