A cryptocurrency investor lost $3 million in a phishing scam after signing a malicious blockchain transaction without verifying the contract address, highlighting the risks posed by digital asset scams.

Just one wrong click was enough for an investor to lose $3 million worth of Tether (USDT) because he failed to verify the contract address before signing the blockchain transaction.

Blockchain analysis platform Lookonchain posted on X (formerly Twitter) on Wednesday, stating: "A user fell victim to a phishing attack and signed a malicious transaction, losing $3.05 million USDT. Users need to be vigilant and ensure security. Erroneous operations can lead to the loss of wallet assets. It is recommended to only sign transactions that are fully understood."

Cryptocurrency phishing attacks are social engineering scams where attackers steal sensitive information from victims by sharing fake links, such as the private keys of cryptocurrency wallets.

Like most investors, the victim may have only verified the address by matching the first and last few characters of the wallet address, then transferred $3 million to the malicious actor. The differences in the middle characters are often hidden on platforms to enhance visual appeal.

Cointelegraph reported that investors need to strengthen their due diligence. Another victim encountered a complex phishing attack on Sunday, losing over $900,000 worth of digital assets. This investor unknowingly signed a malicious authorization transaction 458 days ago, only realizing it after the assets were stolen.

Compared to the $71 million loss caused by an address poisoning attack in May 2024, these amounts seem trivial. The case took a turn when the scammers returned the entire $71 million within two weeks after global blockchain investigators revealed that it might be linked to a Hong Kong IP address and continued to apply pressure.

Hackers are gradually shifting their focus from exploiting code to leveraging human psychological vulnerabilities, which may be easier to bypass than protocol protections.

According to CertiK's annual Web3 security report, phishing attacks became the most damaging attack method in the crypto industry in 2024, with attackers stealing over $1 billion worth of digital assets through 296 incidents.

Among nearly 300 phishing attacks in 2024, at least three resulted in losses exceeding $100 million.

"Last year, phishing was the most expensive attack vector," a CertiK spokesperson told Cointelegraph. "Our data is conservative; considering unreported incidents and other types of phishing scams like 'pig butchering,' the actual numbers are higher."

Cointelegraph previously reported that in response to this threat, Binance, the world's largest exchange, developed an "antidote" to address poisoning scams, releasing related algorithms in May 2024 that detected nearly 15 million poisoned addresses.

Related: UK Policy Shift: Approval of Retail Trading in Cryptocurrency ETNs, Aiming to Build a Crypto Hub

Original article: “Cryptocurrency Investor Falls Victim to Phishing Scam, Loses $3 Million in One Click”

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。