User Loses Almost $1M to 458-Day-Old Phishing Approval Scam

With crypto users repeatedly plagued by oversight, scammers continue to operate in the guise of support agents to steal funds.

Ephraim Emmanuel

Last updated:

2 August 2025 @ 22:31 UTC

Why Trust CTW

CTW is a fresh voice in the world of cryptocurrency, offering clear and insightful coverage of the ever-evolving digital asset landscape. Backed by a team of passionate writers and crypto enthusiasts, we dive deep into market trends, emerging technologies, and innovative blockchain projects. We hope to become your go-to source for up-to-date information in this fast-paced industry.

Share

A cryptocurrency user has lost over $1 million due to a phishing scam that exploited a smart contract approval that had been active for an alarming 458 days.

Blockchain security platform Scam Sniffer reported that the attacker employed a malicious tool known as a “crypto drainer” to swiftly siphon funds directly from the victim’s wallet.

Crypto User Loses Almost $1M

A scammer stole nearly $1 million from a crypto user by exploiting a phishing approval that was signed 458 days ago, according to Scam Sniffer. The user unknowingly gave permission to a harmful smart contract, likely through a fake website made to look real.

This approval lets the scammer access the user’s wallet using a tool called a “crypto drainer,” which automatically transfers funds by using permissions that have not been revoked. The scammer waited over a year for the user to forget about the approval before draining the wallet without further action needed.

This scam tactic mirrors a July 18, 2025, case where a user lost $1.06 million in $sUSDf and $USDe tokens after falling for a phishing scam. The attacker tricked the user into signing fake digital signatures, which gave them access to the investor’s wallet.

Costly Impact of Oversight

Since May 2021, scams have stolen around $1 billion in the crypto market by exploiting dormant smart contract permissions. Scam Sniffer highlights that crypto drainers deceive users into granting unauthorized access to their wallets through fake websites and phishing prompts.

In 2025, scammers have been impersonating support agents and creating fake NFT minting sites to trick users into harmful contracts. One incident on July 29 involved a scammer stealing 4.35 BTC (worth $520,000) by selling a counterfeit imToken hardware wallet on JD.com. The victim had bought the wallet from a now-closed shop and transferred their Bitcoin from the OKX exchange just three days earlier.

The emotional impact on victims is significant. For many, crypto has represented years of hard work and hopes for a secure future. Losing it can be devastating. As these scams become more complex, users will need to stay informed and take steps to protect their valuable crypto investments.