A crypto trader lost $3.05 million in USDT stablecoin after clicking a malicious link and approving a fraudulent blockchain transaction.
The incident reported on August 5, 2025, shows how dangerous phishing scams are in the crypto world. One wrong move costs the investor everything in their wallet.
Details of the $3M Crypto Phishing Scam
The trader fell for a phishing attack by signing a malicious smart contract. According to Lookonchain, a blockchain analytics platform, the victim didn’t check the contract address before approving the transaction.
The scam happened at 6:28 PM UTC, when the wallet (0x2…695) interacted with Aave’s Ethereum USDT contract.
The hacker used a fake airdrop or token transfer as bait, tricking the trader into approving a transaction that gave the scammer full access. 3,087,821 aEthUSDT tokens, worth $3.05 million, were drained from the wallet in a single transaction.
How Crypto Phishing Scams Work
Phishing scams like this rely on social engineering, not hacking complex systems. The hacker will send a fraudulent link via email or a fake website that looks legitimate. Users who think it was a safe and real website will approve the transaction without checking the contract details.
Many platforms hide the middle characters of wallet addresses for simplicity, so the victim likely only matched the first and last few characters.
The scammer will always make an address that looks like a real one to trick people. Once someone agreed to the transaction, the scammer took control of the money and couldn’t be stopped.
Rising Threat of Crypto Phishing Scams
CertiK’s Web3 security report indicates that phishing scams led to over $1 billion in losses across 296 reported incidents in 2024. That year, at least three attacks successfully stole more than $100 million each.
This $3M loss is part of a growing trend where scammers target human error instead of tech vulnerabilities.
In May 2024, a wallet poisoning scam stole $71 million, though the funds were later returned after pressure from investigators.
Related: CoinDCX Breach: $44M Lost, But User Funds Fully Safe
Binance’s Efforts to Fight Crypto Phishing Scams
Binance launched an algorithm in May 2024 to detect address poisoning scams, identifying nearly 15 million fake addresses. Scam techniques are continuously evolving, making it essential for users to stay alert.
Experts urge investors to double-check contract addresses, use tools like Revoke.cash to cancel permissions, and store funds in offline hardware wallets.
This $3 million crypto phishing scam shows how important it is to stay alert. Always check transaction details, avoid clicking on unknown links, and disconnect your wallet after using it. The crypto world has no safety net—once your funds are lost, it’s almost impossible to get them back.
