A cryptocurrency investor has suffered a massive loss of $3.05 million in USDT after falling victim to a phishing scam.

According to on-chain data from Etherscan, the investor unknowingly signed a malicious transaction that authorized the transfer of 3,083,781.826298 USDT to a wallet address ending in 0x54800000.

The funds were siphoned from the victim’s wallet, identified as 0x2d9617f2…c2dc36695, via the Aave: Ethereum USDT contract.

The attacker executed the heist with a transaction fee of just 0.0057 ETH, worth around $20, with the transfer processed successfully on the blockchain.

This isn’t an isolated event. For instance, on August 3, another investor lost over $900,000 after unknowingly approving a malicious transaction more than a year ago.

In another case, $71 million was stolen in May 2024 through a wallet poisoning scam, only to be returned two weeks later after global investigators traced the attacker’s possible Hong Kong IP address, mounting pressure for recovery.

Increasing crypto phishing scams 

These attacks are also visible on major trading platforms. In this case, as reported by Finbold, pseudonymous on-chain analyst ZachXBT revealed that around $65 million was stolen from Coinbase users between December 2024 and January 2025. 

Despite working with a limited dataset, the findings suggest phishing and social engineering tactics are still costing crypto holders tens of millions.

Notably, crypto phishing attacks rely on social engineering tactics to trick users into revealing sensitive information through fake links. In this case, the victim likely verified the wallet address by matching only the beginning and end. 

These incidents highlight the importance of staying vigilant on Web3 platforms. Signing unclear transactions can lead to irreversible losses, as phishing scams often use deceptive prompts and fake interfaces.

Featured image via Shutterstock