A crypto investor lost $3M in a phishing scam this week. Experts say phishing is now Web3’s biggest and fastest-growing threat.
This week, a crypto investor reportedly lost over $3 million in USDT to a phishing scam. The entire theft happened in a single moment, when the victim unknowingly clicked on the wrong button and signed off his assets to hackers.
The rising number of such cases has been a major source of alarm, and here are the details of the latest one.
Phishing Scams Are Exploiting Human Psychology
Unlike hacks that break into networks, phishing scams do things differently. They trick users into giving away access, with many victims never realising what has happened until it is too late.
In this case, the investor likely saw a transaction request and signed it without double-checking the contract address.
According to Lookonchain in a recent update, this simple action was all it took to drain $3.05 million worth of USDT from the wallet.
Someone fell victim to a phishing attack, signed a malicious transfer, and lost 3.05M $USDT!
Stay alert, stay safe. One wrong click can drain your wallet.
Never sign a transaction you don’t fully understand.
Double-check the URL, double-check all signature requests
Verify… pic.twitter.com/39YYe1LAoz
— Lookonchain (@lookonchain) August 6, 2025
Attackers often take advantage of how wallet addresses are displayed. Most users only verify the first and last few characters, since many platforms shorten addresses for convenience. The middle characters (which are often the main differences between addresses) are hidden.
This allows scammers to create fake addresses that resemble real ones. When users fail to verify the full string, they can end up signing transactions that hand over control to the scammer.
$900K Lost After 458 Days
Just days earlier, another victim lost over $900,000 worth of crypto in a similar phishing attack. The difference this time is that the scammer waited for 458 days after the victim approved the scam transaction to steal the funds.
Only when the victim transferred more funds to the scam address did the attacker strike.
According to updates from Scam Sniffer, this type of long-term attack is becoming more common. Scammers often wait for victims to “top up” their wallets before draining them.
“Be extremely careful with approval transactions,” Scam Sniffer advised. “One careless click can leave you exposed for months.”
🚨 ALERT: A victim lost $908,551 due to a phishing approval signed 458 days ago.
🔐 REMINDER: Regularly review and revoke old approvals – your wallet security matters! 💰 pic.twitter.com/ch0HII5n31— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) August 2, 2025
Phishing Attacks Are Now the Top Crypto Security Threat
According to CertiK’s Web3 security report from last year, phishing scams caused over $1 billion in losses across 296 incidents within the year. These attacks have now outshone all other exploit types in terms of damage.
And the problem isn’t going away. In the first half of this year alone, phishing scams stole over $395 million from crypto users.
Some incidents were massive. In May of last year, for example, one victim lost $71 million to a phishing scam. Shockingly, the attacker returned the funds after pressure from blockchain investigators who traced the IP address to Hong Kong.
What makes phishing attacks more dangerous is their simplicity. No code is broken. No smart contracts are hacked. Instead, users unknowingly give the scammer permission to drain their wallets.
Overall, this story of loss from a single click is a reminder that even experienced crypto users are not immune to threats. Phishing scams are now smarter, more patient and harder to detect.
As a crypto user, take your time and verify everything before approval.
