As confirmed by Web3 security platform Scam Sniffer, a cryptocurrency user lost $440,358 in USD Coin (USDC) on Ethereum after unknowingly approving a fraudulent “permit” signature that allowed an attacker to compromise his wallet.
The victim used wallet address 0x67E8561Ba9d3f4CBe5fEd4C12c95b54f073a0605 to approve a malicious transaction that granted the attacker full usage rights. Scam Sniffer found the funds being sent to two separate addresses, labeled 0xbb4…666f682aF and 0x6a3aF6…d8F9a00B.
Phishing attacker approves $440,000 USDC transfer from victim
According to Etherscan blockchain data, the attacker relied on a “permit” transaction, a type of signature that allows tokens to be transferred without requiring manual confirmation by the owner. Even if no money appears to move at the time of signing, an attacker can later fill in the amount and cash out without additional consent. In this case, $440,358 was entered.
Once approved, the attacker invoked several “transferFrom” calls through the FiatTokenProxy contract to move the USDC. Around 10am UTC on Monday, 22,000 USDC was transferred to the “fake phishing” account, with $66.06k sent to address 0xbb4…666f682aF and $352.3k sent to 0x6a3aF6…d8F9a00B simultaneously.
Victim:
0x67E8561Ba9d3f4CBe5fEd4C12c95b54f073a0605
con man:
0xbb4223Ef4cCe93fB40beb62178aBE9A666f682aF
0x6a3aF6Cb51D52F32D2A0A6716a8EFF99d8F9a00B
https://t.co/GdyGP2iPYZ
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 8, 2025
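A check that a wallet or signing-review tool can run before the user signs, shown as an added example (not code from Scam Sniffer or the original article): it inspects an EIP-712 signing request and flags EIP-2612 Permit messages, the kind of "permit" signature described above. The function name `review_signing_request`, the one-hour deadline threshold, and all addresses in the sample are constructed assumptions.

```python
import json

MAX_UINT256 = 2**256 - 1
# EIP-2612 Permit fields: signing a message with these authorizes `spender`
# to move up to `value` of the owner's tokens until `deadline`.
PERMIT_FIELDS = {"owner", "spender", "value", "nonce", "deadline"}


def review_signing_request(raw, now, trusted_spenders=(), decimals=6,
                           max_lifetime=3600):
    """Return warnings for an EIP-712 request (eth_signTypedData_v4 JSON)."""
    req = json.loads(raw)
    msg = req.get("message", {})
    declared = {f["name"] for f in req.get("types", {}).get("Permit", [])}
    if req.get("primaryType") != "Permit" or not PERMIT_FIELDS <= declared:
        return []  # not an EIP-2612 permit; other message types are out of scope
    warnings = ["off-chain signature grants a token allowance (no gas, no tx)"]
    spender = str(msg.get("spender", "")).lower()
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append(f"spender {spender} is not on the trusted list")
    value = int(str(msg.get("value", "0")), 0)  # accepts decimal or 0x-hex
    if value == MAX_UINT256:
        warnings.append("allowance is unlimited (2**256 - 1)")
    else:
        warnings.append(f"allowance is {value / 10**decimals:,.2f} tokens")
    deadline = int(str(msg.get("deadline", "0")), 0)
    if deadline - now > max_lifetime:
        warnings.append("deadline is far in the future; signature stays usable")
    return warnings


# Constructed sample request; every address here is a placeholder.
SAMPLE = json.dumps({
    "types": {"Permit": [{"name": n, "type": t} for n, t in [
        ("owner", "address"), ("spender", "address"), ("value", "uint256"),
        ("nonce", "uint256"), ("deadline", "uint256")]]},
    "primaryType": "Permit",
    "domain": {"name": "USD Coin", "version": "2", "chainId": 1,
               "verifyingContract": "0x" + "aa" * 20},
    "message": {"owner": "0x" + "11" * 20, "spender": "0x" + "22" * 20,
                "value": str(MAX_UINT256), "nonce": "0",
                "deadline": str(MAX_UINT256)},
})

if __name__ == "__main__":
    for line in review_signing_request(SAMPLE, now=1_765_000_000):
        print("WARNING:", line)
```

The `decimals=6` default matches USDC; pass the token's own decimals for other assets.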
Scam Sniffer reported another phishing incident on November 7th. In this incident, another user lost $1.22 million in USDC and PlaUSDT0 tokens just 30 minutes after signing a fraudulent authorization message.
According to the Web3 security company’s November Phishing Report, total losses reached $7.77 million, an 1137% increase from October’s $3.28 million. Despite the spike in losses, the number of victims decreased by 42%, with 6,344 users compromised in November, down from the 10,935 victims logged the previous month.
Almost a week ago, some hackers used “address poisoning” to steal 1.1 million USDT on Ethereum. Ramiel Capital CIO Kyle Soska said the group monitored small outbound transfers from whale wallets and used GPU-powered systems to generate nearly identical lookalike addresses.
“The attacker in this case sends a very small Tether transaction on-chain to the victim so that a similar address appears in the victim’s Web3 wallet’s recent activity list. The victim then mistakenly selects this address to send large sums of money to,” Soska said in response to an X user who asked how the incident was possible.
Holiday shopping season is full of identity theft scams
The escalation in crypto-related phishing comes on the heels of an increase in digital fraud during the holiday season. Darktrace, a cybersecurity firm that tracks global consumer phishing trends, reported a 201% increase in scams impersonating major U.S. retailers in the week leading up to Thanksgiving compared to the same week in October.
Emails impersonating Macy’s, Walmart, and Target increased by 54% in one week, while Amazon was the most impersonated company overall, accounting for 80% of phishing attacks, surpassing digital consumer brands Apple, Alibaba, and Netflix.
In early November alone, Kaspersky Lab detected 146,535 spam emails mentioning seasonal discounts. Of those, 2,572 were related to Singles’ Day campaigns. Many of these messages reuse tried-and-true templates recycled from previous years, with scammers imitating Amazon, Walmart, and Alibaba to promote early access sales and redirecting users to fake checkout pages to steal credentials and perform malicious authorizations.
According to data from Kaspersky Security Network (KSN), from January to October, the company blocked 6,394,854 phishing attacks targeting online stores, banks, and payment systems. Almost half (48.2%) of these attempts specifically targeted online shoppers.
During the same period, Kaspersky Lab identified over 20 million attacks against gaming platforms. This includes 18.56 million attacks that abused Discord as a distribution point for malicious files disguised as gaming software.
Entertainment platforms also saw intense targeting, with 801,148 Netflix-themed phishing attempts and 576,873 Spotify-related phishing attempts recorded in 2025. The company also recorded 2,054,336 phishing attempts impersonating gaming platforms Steam, PlayStation, and Xbox.
In addition, Kaspersky recorded 20,188,897 malware infection attempts disguised as “common software,” with Discord accounting for the lion’s share at 18,556,566, more than 14 times the number of incidents reported last year.


