According to a report from Scam Sniffer, a web3-to-Scam platform, one person just ran out of $330k for approval of phishing, and they exchanged over a year ago.
According to Etherscan, the victim lost a total of $329,743 in Aave tokens. One of the most distinctive facts about the case is that the phishing approval was signed at 12:51am on February 10, 2024, 408 days ago, allowing scammers to access the victim’s wallet.
Theft occurred at 12:35am on March 24, 2025 when the attacker transferred a 1,999.23 Aave token, which valued 1,999.23 Aave token at $329,743 in a single transaction.
Prior to the theft, Target Wallet held $527,498 in Aave. By the time the hackers were completed, the victims had only $197,755 left.
The victim signed a phishing approval signed 408 days ago. Source: Etherscan
The wallet contained other assets, including LPT. However, the hackers moved only the victim’s Aave tokens, as they were the only tokens targeted on the transfer.
Hackers have not been identified yet, and victims have limited options for recovering stolen funds for now.
Authorization phishing scams are a serious threat to crypto holders
According to a report by Chainalysis, Crypto Space has lost around $1 billion in phishing scams since May 2021, and $374 million in 2023 alone.
While approval phishing as a fraud tactic has been around for many years, fraudsters have historically targeted crypto users through the spread of fake crypto apps. As space evolved, those techniques became even more effective.
Usually, scammers trick the victim into sending cryptocurrency via fake investment opportunities or impersonating someone else. However, when authorization phishing scams are involved, the scammer will trick the user into signing a malicious blockchain transaction and approve the scammer’s address to spend a certain token from the victim’s wallet. This allows fraudsters to access to the victim’s address freely for ejecting these tokens’ victims’ addresses.
Generally, approved Phishers send victim funds to separate wallets and separate wallets to make transactions on behalf of the victim. Typically, on-chain patterns ensure that the victim address signs and spends funds on a transaction that approves a second address. It then runs a transaction, the second address, the approved spender address, to move the funds to the new destination address.
Taylor Monaghan (aka @tayvano_), the leading security researcher at MetaMask, is one of those who track romance fraud style approval phishing with their custom dune analytics dashboard.
Taylor Monaghan shared an example of a phishing email. Source: @tayvano_(x/twitter)
The victims of these romance scammers reportedly lost about $1 billion in approval of phishing scams since May 2021. It is important to note that a total of $1 billion is an estimate based on the pattern of chains. Some of it may represent the laundry of funds already under control by fraudsters.
This is because romance fraud is infamously underreported, and the analyses that resulted in these results began with limited instances reported.
The majority of approval phishing scams are believed to be carried out by several highly successful actors, and can address issues ranging from user education to adopting pattern recognition tactics.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
