A crypto investor has lost $3 million in USDt after unknowingly approving a malicious blockchain transaction in a sophisticated phishing scam, reigniting concerns over user security in the digital asset space.

Blockchain analytics platform Lookonchain confirmed the loss, warning users on X that “one wrong click” can result in total wallet drain. The investor had signed a transaction without fully verifying the contract address—a common mistake where users only check the beginning and end of wallet addresses, ignoring the middle portion where fake addresses often differ.

Phishing scams are the most dangerous form of crypto attack in 2024. These social engineering tactics trick users into giving access to their wallets or signing approvals that enable hackers to drain funds. In this case, the investor lost over $3 million with a single transaction signature.

This is not an isolated incident. Earlier this week, another user lost $900,000 after unknowingly granting approval to a scammer's wallet more than 458 days ago. Such “slow-drain” attacks are difficult to detect and nearly impossible to reverse.

The worst wallet phishing case of the year involved a staggering $71 million loss in May. Remarkably, the scammer returned the funds two weeks later after intense tracking by blockchain investigators revealed links to a Hong Kong-based IP address.

According to CertiK’s Web3 security report, phishing accounted for over $1 billion in stolen assets in 2024 across 296 incidents. At least three of those heists exceeded $100 million in losses each.

In response, Binance has launched a detection system targeting address poisoning scams, identifying nearly 15 million suspicious addresses to date.
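The habit described above, checking only the first and last characters of an address, can be countered by comparing the full destination against a saved address book before signing. The sketch below is an added example, not code from Lookonchain, Binance or the article; it assumes EVM-style `0x` addresses, and the function names, the 4-character threshold and all sample addresses are constructed for illustration.

```python
HEX_DIGITS = set("0123456789abcdef")

def normalize(addr):
    """Return the 40 hex characters of a 0x address, lower-cased (checksum case ignored)."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX_DIGITS:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a[2:]

def shared_ends(a, b):
    """Count matching leading and trailing characters of two equal-length strings."""
    prefix = 0
    while prefix < len(a) and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < len(a) - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def check_destination(dest, address_book, min_end=4):
    """Classify dest as 'trusted', 'lookalike' or 'unknown' against saved addresses.

    min_end is an assumed threshold: a destination that matches a saved address
    on at least this many characters at BOTH ends, but not in full, is flagged.
    """
    body = normalize(dest)
    known = {normalize(addr): label for label, addr in address_book.items()}
    if body in known:
        return ("trusted", known[body])
    for known_body, label in known.items():
        prefix, suffix = shared_ends(body, known_body)
        if prefix >= min_end and suffix >= min_end:
            return ("lookalike", label)
    return ("unknown", None)

# Constructed sample data: none of these are real wallet addresses.
TRUSTED = "0x" + "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678"
LOOKALIKE = "0x" + "a1b2c3" + "0000111122223333444455556666" + "345678"
BOOK = {"exchange-deposit": TRUSTED}

if __name__ == "__main__":
    for candidate in (TRUSTED, LOOKALIKE, "0x" + "f" * 40):
        print(candidate, check_destination(candidate, BOOK))
```

A `lookalike` result means the destination would pass a glance at a truncated display such as `0xa1b2c3…345678` while differing in the middle, which is the case where the transaction should not be signed.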