A crypto investor has lost over $3 million through a malicious phishing attack

A cryptocurrency investor has lost over $3 million in Tether (USDT) through a malicious phishing attack. The victim allegedly approved a transaction without knowing it was a malicious social engineering scam.

Analytics platform Lookonchain reported on Wednesday that someone fell victim to a phishing attack and lost $3.05M in USDT. The firm urged people to stay alert and safe, since one wrong click can drain their entire wallet. Lookonchain also cautioned people never to sign a transaction they don’t fully understand.

Phishing scam incidents surge in 2025

Someone fell victim to a phishing attack, signed a malicious transfer, and lost 3.05M $USDT!

Stay alert, stay safe. One wrong click can drain your wallet.

Never sign a transaction you don’t fully understand.

Double-check the URL, double-check all signature requests

Verify… pic.twitter.com/39YYe1LAoz

— Lookonchain (@lookonchain) August 6, 2025

Attackers tend to share fraudulent links with victims to steal their sensitive information, such as wallets and private keys. Some victims fail to authenticate the full characters of the wallet addresses, as the middle part is often hidden on platforms.

On-chain data also revealed Sunday that another victim lost over $900,000 worth of virtual currencies to a malicious phishing attack. The attacker allegedly waited for around 458 days after the malicious approval went through and waited for the victim to add funds to the address before the breach.

Scam Sniffer, who exposes crypto scams, revealed that the scammer stole $908,551 worth of USDC on August 2 after signing the phishing approval transaction on April 30, 2024. He warned crypto users to be careful with approvals or fall victim to such social engineering attacks.

In May 2024, a victim fell into a phishing scheme and lost roughly $71 million. The scammer allegedly returned the funds in two weeks after mounting pressure from global blockchain investigators who revealed his potential Hong Kong-based IP address.

Certik’s annual Web3 security report revealed that phishing attacks were the most costly vector for the crypto sector in 2024. According to the report, phishing schemes netted over $1 billion worth of virtual currencies across 296 incidents.

The firm’s spokesperson mentioned that the figures could be higher if unreported incidents and attacks like pig butchering are included. The spokesperson also cautioned that phishing scams could surge in 2025 due to the developments in artificial intelligence.

Certik also released its Web3 security report for the second quarter and first half of 2025, showing a growing number of phishing incidents. Phishing attacks accounted for over $395 million stolen across 52 incidents.

The firm reported that over $801 million was lost across 144 incidents in Q2, a 52.1% decrease in value lost in the previous quarter. The Ethereum network saw a total of $65.4M lost in 70 attack breaches.

According to the report, between January and June, the crypto industry saw a total of over $2.5 billion lost across 344 incidents. Spoofing accounted for a large chunk of the security breaches, with $410.7 million stolen across 132 security breaches.  The analytics firm also urged users to be cautious, avoid suspicious URLs, double-check links, and use hardware wallets for storage.

Tools exist to mitigate phishing attacks

Ethereum users can mitigate attacks on the network by leveraging Etherscan’s Token Approval Checker to review and revoke unnecessary token approvals. Users will also have to pay a gas fee for each revocation on the checker.

A group of ethical hackers established the anti-hack response team in August 2023, led by white hat hacker Samczun. The Security Alliance aims to make protocols more resilient to cyberattacks. The group also published the Whitehat Safe Harbor Agreement, which was meant to provide financial assistance to white hats facing legal action.

The world’s largest crypto exchange, Binance, also developed an “antidote” to address phishing scams. The program detects spoofed addresses and alerts users before they send digital assets to scammers.

KEY Difference Wire helps crypto brands break through and dominate headlines fast