Cryptocurrency Investor Loses $3 Million with a Single Click

A user signed a malicious transaction without verifying the smart contract address, resulting in a loss of $3.05 million, according to analysts at Lookonchain.

Someone fell victim to a phishing attack, signed a malicious transfer, and lost 3.05M $USDT!

Stay alert, stay safe. One wrong click can drain your wallet.

Never sign a transaction you don’t fully understand.

Double-check the URL, double-check all signature requests

Verify… pic.twitter.com/39YYe1LAoz

— Lookonchain (@lookonchain) August 6, 2025

“Stay alert and stay safe. One wrong click can drain your wallet. Never sign a transaction you don’t fully understand,” warned the analysts.

The phishing attack employed a common tactic: fraudsters create fake addresses or links that mimic legitimate ones.

According to experts, the victim authorized a transfer to a fraudulent address that matched the real one at the beginning and end. The middle part, often hidden by wallets for convenience, was different.

The perpetrator transferred 3,087,821 aEthUSDT (approximately $3.05 million) from the victim to two wallets. He then sent $2.6 million to several other addresses, exchanged it for 730 ETH, and staked these tokens.

On August 4, Scam Sniffer specialists reported another phishing attack in which an investor lost $908,551. It was noted that the user signed the malicious contract 458 days ago.

🚨 ALERT: A victim lost $908,551 due to a phishing approval signed 458 days ago.
🔐 REMINDER: Regularly review and revoke old approvals — your wallet security matters! 💰 pic.twitter.com/ch0HII5n31

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) August 2, 2025

Experts advise the following:

• manually verify the entire address, not just the first and last characters;
• do not sign transactions you do not understand;
• revoke unnecessary permissions using Revoke.cash or similar tools.

In the first half of 2025, Web3 projects lost $3.1 billion due to hacks and fraud. Of this amount, $594 million was attributed to phishing and social engineering.

Read more about the most notable incidents of July in the digest: