Phishing Approval Scam Drains $1M From Trader Amid Rising Onchain Fraud Activity

Phishing Approval Scam Drains $1M From Trader Amid Rising Onchain Fraud Activity
Table of Contents

TL;DR

  • A user lost nearly $1 million after signing a fraudulent token approval on Ethereum, in a new case of onchain phishing.
  • Phishing losses reached $723 million across 248 incidents during 2025, according to data from security firm CertiK.
  • Chainalysis reported that onchain scams generated at least $14 billion in losses in 2025, with approval phishing being the most recurring attack vector.

A trader lost nearly $1 million last Wednesday after signing a malicious token approval on the Ethereum network, according to onchain data published by security firm Scam Sniffer.

The incident was based on a phishing attack via approval tokens, a tactic that has already caused losses of $366 million in the first half of the year alone. The attackers first attempted to drain exactly $1 million through multicalls, but failed due to insufficient funds. Seconds later, a script recalculated the available balance and extracted the remaining $999,999 in three consecutive transactions.

Phishing Can Steal Millions in Seconds

This type of attack operates through social engineering: the victim signs what appears to be a minor transaction, but in reality grants the attacker unlimited access to their wallet’s funds. “The approval gave the attackers unlimited access, which allowed an automated sweeper to steal all the funds,” explained researcher Ryan Coleman. Earlier in July, another user had lost $1.65 million after connecting to a fake exchange and signing a malicious contract in a similar scheme.

According to CertiK, phishing attack losses reached $723 million across 248 incidents during 2025. Chainalysis, for its part, reported that onchain scams generated at least $14 billion in losses that year, with investment scams being the dominant category and approval phishing the frequent execution mechanism. “Scammers reuse the same wallets, legitimate contract approval functions and cash-out routes across victims, which means that each report exposes a broader network,” noted Renato Bastos, senior researcher at Chainalysis.

Phishing

Address Poisoning

Another highly dangerous vector is address poisoning. Attackers generate wallets with addresses nearly identical to those of their targets and send small amounts of funds to induce copy errors. In June, MetaMask launched a real-time detection tool that compares each pasted address against the user’s previous interaction history. Scam Sniffer recommended verifying all signature requests before approving them, avoiding transactions made under pressure, and using scam detection extensions.

RELATED POSTS

Ads

Follow us on Social Networks

Crypto Tutorials

Crypto Reviews