Crypto user loses 908K USD in delayed wallet-draining scam
A crypto user has fallen victim to a sophisticated wallet-draining scam, losing $908,551 in USD Coin (USDC) nearly 16 months after unknowingly authorizing a malicious smart contract. Onchain data reveals the approval transaction was signed on April 30, 2024 — but the theft occurred much later, on August 2, 2025.
Personal Opinion
⚠️ Be careful! Even hardware wallets aren’t immune to these kinds of attacks — this is a smart contract permissions issue, not a wallet compromise. On chains like Ethereum, malicious approvals can linger for months or years.
Users should regularly check and revoke token permissions using tools like Etherscan’s Token Approval Checker.
And in this case, $146K USDC was transferred from Kraken to a wallet with a known malicious approval. For a company that prides itself on compliance and “protecting users”, shouldn’t they bear some responsibility for failing to check the payout address?
read more >>>
