Ethereum trader loses $1M to phishing token approval scam

Editorial illustration for: Trader loses $1 million after signing phishing token approval on Ethereum

In brief

  • Trader lost 999,999 USDT after approving malicious token contract via phishing link
  • Attackers drained exact remaining wallet balance through multicall exploit
  • Phishing losses reached $723 million across 248 incidents in 2025

How the attack unfolded

According to a Scam Sniffer alert, the victim lost 999,999 USDT to the phishing token approval scam. Scammers initially attempted to drain a rounded $1 million via multicalls but failed due to insufficient funds. They then succeeded by pulling the exact remaining balance in follow-up transfers.

Phishing token approvals have become a common crypto scam tactic involving social engineering. Victims falsely believe that clicking approve will only initiate a minor task, but malicious links give attackers approval to drain funds from the wallet. Earlier this month, a wallet holder reportedly lost $1.65 million after connecting to a fake exchange and signing a malicious contract.

The broader scam landscape

The scale of losses is staggering. Onchain scams pulled in at least $14 billion in 2025, according to Chainalysis. Phishing losses alone totaled $723 million across 248 incidents in 2025, per CertiK data. The industry recorded $366 million in phishing losses in the first half of the year alone.

Investment scams remained the dominant category of onchain scams, with approval phishing as a common execution method. Address poisoning is another attack vector that scammers use alongside phishing token approvals.

Defense measures emerging

Wallet providers are beginning to respond. MetaMask launched live address poisoning detection in June, a tool that compares each pasted address with addresses previously interacted with. Still, users remain the primary line of defense—scrutinizing contract addresses, verifying URLs, and understanding what approval transactions actually do before signing.

Frequently asked questions

What is a phishing token approval scam?

A phishing token approval scam uses social engineering to trick victims into clicking approve on a malicious contract. Victims believe they're authorizing a minor transaction, but the approval gives attackers unlimited access to drain funds from their wallet.

How much have phishing scams cost in 2025?

Phishing losses totaled $723 million across 248 incidents in 2025, according to CertiK. The industry recorded $366 million in phishing losses in the first half of the year alone. Onchain scams overall pulled in at least $14 billion in 2025.

What other attack vectors do scammers use?

Address poisoning is another common attack vector that scammers use alongside phishing token approvals. Investment scams remain the dominant category of onchain scams, with approval phishing as a common execution method.