The attacker exploited a common addiction among crypto users: validating only the primary and last couple of characters of a wallet address whilst ignoring the center.
A cryptocurrency investor has fallen victim to a phishing scam, dropping $3.05 million in Tether (USDT) after unknowingly signing a malicious blockchain transaction.
The loss, dropped by blockchain analytics platform Lookonchain on Wednesday, underscores the increasing threat of phishing assaults targeting digital asset holders.
The attacker exploited a common habit among crypto users: validating most effective the primary and last few characters of a wallet deal with at the same time as ignoring the middle.
Obscured Wallet Addresses Aid $3M Crypto Scam
Many systems obscure middle characters for design reasons, making it less difficult for scammers to trick customers into approving fraudulent transactions. In this case, the investor’s oversight cost them millions.
Lookonchain issued a warning following the incident, encouraging customers to remain vigilant.
“Stay alert, live secure. One wrong click on can drain your wallet. Never sign a transaction you don’t fully understand,” Lookonchain wrote.
Phishing scams in the crypto space typically depend upon social engineering processes in preference to technical exploits.
Fraudsters frequently share convincing links that lead customers to grant access or approve malicious smart contracts.
These scams are becoming increasingly sophisticated and private, focusing extra on human behavior than on breaking through hardened protocols.
Just days earlier, some other consumer reportedly lost over $900,000 due to a similar exploit, signing a malicious approval transaction greater than a year prior.
In May, a notorious “wallet poisoning” scam made headlines after draining $71 million.
In a rare twist, the attacker return back the funds after blockchain investigators traced a possible Hong Kong IP address.
According to CertiK’s 2024 Web3 safety report, phishing scams had been the maximum unfavorable attack vector within the crypto ecosystem, accounting for over $1 billion in losses across 296 recorded incidents.
At least 3 of those passed the $100 million mark.
Last week, blockchain analytics firm Arkham Intelligence reported that 127,426 BTC, valued at around $3.5 billion at the time and nearly $14.5 billion nowadays, was stolen from Chinese mining pool LuBian in December 2020.
LuBian rose quick in early 2020, becoming the 6th-largest mining pool on the Bitcoin community by using mid-year, before being hacked on December 28, 2020, for over 90% in their BTC.
Crypto Hacks Cost Investors $2.2B in H1 2025: CertiK
Crypto investors lost over $2.2 billion to hacks, scams, and offence in the first half of 2025, driven in large part with the aid of wallet compromises and phishing attacks, in keeping with CertiK’s cutting-edge security document.
Wallet offence alone induced $1.7 billion in losses throughout simply 34 incidents, whilst phishing scams accounted for over $410 million throughout 132 assaults.
Two foremost incidents, consisting of Bybit’s $1.5 billion hack in February and Cetus Protocol’s $225 million take exploit in May, skewed the year’s losses upward, collectively accounting for almost $1.78 billion.
Without these, losses align extra closely with previous years at round $690 million.
Ethereum remained the primary target, struggling over $1.6 billion in losses throughout a 175 events.