A single deceptive transaction cost one cryptocurrency user a staggering $3.05 million in USDT tokens today.

Blockchain security firms Lookonchain, PeckShield, and Scam Sniffer reported the incident, tracing the theft to a phishing attack where the victim unknowingly signed a malicious transfer, draining their wallet of Aave-wrapped USDT (aEthUSDT).

Anatomy of a Multi-Million Dollar Theft

According to on-chain data analyzed by Scam Sniffer, the victim’s address, 0x2d98…6695, interacted with a phishing contract, after which they signed a transaction authorizing the transfer of their aEthUSDT tokens, worth over $3 million, to the scammer’s address.

The security experts stated that the scam relied entirely on tricking the user into approving this single, harmful transaction, bypassing the need for direct wallet access.

This incident follows a worrying pattern identified by Scam Sniffer involving attackers exploiting EIP-7702 upgraded addresses. Only recently, the platform revealed two addresses that lost $146,551 and $66,000 from such tactics, with malicious batched transfers disguised as legitimate Uniswap swap operations.

“Attackers use batch transfers… routing through Uniswap Universal Router to appear legitimate. Be extra cautious!” the on-chain security platform warned.

Just days ago, the firm reported on another victim who lost more than $908,000 from a phishing approval they had signed 458 days earlier, advising users to “regularly review and revoke old approvals.”

These events follow broader trends highlighted in a recent Bitget report: crypto recorded $4.6 billion in scam losses during 2024, with AI-enabled fraud accounting for nearly 40% of high-value drain events.

What Users Need to Know

Phishing attack lines often simulate support, wallet prompts, or investment depictions, only to steal when users sign fake requests. Those behind such scams commonly use social media links, fake KYC portals, or false contract prompts. Therefore, users are advised to religiously verify all transactions before signing, especially batch or approval prompts, and confirm that URLs come from official sources.

This latest case demonstrates how high-value addresses remain only a signature away from ruin, despite strong on-chain experience or wallet age. The fact that over $3 million was transferred in a batch suggests advanced targeting, not just random spam.

Recent regulatory moves and industry watchdog programs, like Bitget, SlowMist, and Elliptic’s $300 million Anti‑Scam Hub, are aiming to detect and disrupt such fraudulent networks, but users must remain cautious. Not all security providers can act in real time, and, like crypto security experts warn, defenders lose more than they can prevent unless every on‑chain signature is questioned.