Ethereum User Loses $1M in Phishing Attack via Malicious Token Approval
An anonymous Ethereum wallet owner lost nearly $1 million USDT in a phishing attack. The incident occurred when the user signed a malicious token approval request on the Ethereum network.
After the approval was granted, attackers used an automated sweeper script to drain the wallet almost instantly. Three transactions were executed: 639,999, 159,999, and 200,000 USDT. This type of attack doesn't require access to the victim's wallet and can leave users with virtually no time to cancel.
The attacker tricked the user into signing a request that granted unlimited approval to a malicious smart contract. The Multicall function was used, which bundles multiple actions into a single transaction, allowing attackers to drain funds within seconds of signing.




