The crypto investor lost $3 million with one click

The user signed a malicious transaction without verifying the smart contract address. As a result, he lost $3.05 million, analysts from Lookonchain report.

"Be on guard and take care of yourself. One wrong click and your wallet is emptied. Never sign a transaction that you do not fully understand," analysts warned.

In the context of a phishing attack, a common practice was used: to deceive, the attackers create fake addresses or links that imitate the usual ones.

Account frustration. How the Pectra update made life easier for hackers

According to experts, the victim authorized the transfer to a fraudulent address that matched the real one at the beginning and the end. The middle part, which many wallets hide for convenience, was different.

The attacker transferred 3,087,821 aEthUSDT ( approximately $3.05 million ) from the affected user to two wallets. Then he sent $2.6 million to several other addresses, exchanged it for 730 ETH, and staked these tokens.

On August 4, Scam Sniffer specialists reported that as a result of yet another phishing attack, an investor lost $908,551. It is noted that the user signed a malicious contract 458 days ago.

The advice of specialists can be summarized as follows:

• manually check the entire address, not just the first and last characters;
• do not sign unclear transactions;
• revoke unnecessary permissions through Revoke.cash or analogs.

Let us remind you that in the first half of 2025, due to hacks and fraud, Web3 projects lost $3.1 billion. Of this amount, $594 million was due to phishing and social engineering.

Read more about the most high-profile incidents of July in the digest:

Main highlights of the month: fuel for Ethereum, record difficulty, and major AI releases