Nearly $1 Million Lost from Web3 Wallet in Rare Phishing Attack

A rare phishing attack has recently drained a notable amount from a Web3 wallet. As per the data from Scam Sniffer, the attacker has taken away $908,551 $USDC from a Web3 wallet following a 1.5-year-long dormancy after signing a phishing approval. The crypto anti-scam platform has disclosed in a recent X post that, after this long dormancy, the attacker has recently emptied the wallet after the funds entered the wallet thirty days ago. This development highlights the consequences of not verifying the DeFi orders before signing them.

https://twitter.com/realScamSniffer/status/1951528627985850508?ref_src=twsrc%5Etfw” target=”_blank” rel=”noopener nofollow

Phishing Scammer Waits 1.5 Years to Finally Drain $908K from Web3 Wallet via Phishing Approval

The on-chain data points out that the Web3 wallet of the victim stayed empty for up to 458 days (nearly 1.5 years) after the phishing approval. Nonetheless, the exploiter remained patient and waited for the funds to enter the respective wallet to drain them. Hence, thirty days back, the wallet received up to 908,551.976006 $USDC. Following this, the attacker executed extraction and emptied the wallet within hours.

Web3 Users Advised to Revoke Previous Token Approval and Do Regular Audits

According to Scam Sniffer, the exploiter shrewdly drained the victim’s Web3 wallet after it obtained funds. In this respect, a cumulative 125 transfers were reportedly logged before the complete drainage of the respective wallet. The past transfer histories indicate interactions with MetaMask Swaps, Kraken, and other legitimate platforms, disclosing how lingering vulnerabilities could be masked by real activity. Hence, this incident reminds Web3 consumers to revoke former token approvals and regularly audit previous activity to prevent such exploitation.