Yesterday my friend lost 200,000. His name’s Josh. He's been in crypto since 2021 — rode through the hype, the crashes, the scams. He wasn’t some clueless degen either. He was careful. The kind of guy who double-checks URLs, uses a Ledger, and tells others to “never sign random approvals.” But yesterday, it still happened. He was checking a DeFi dashboard he’s used dozens of times. The site looked normal. No alerts, no warnings. Then a little pop-up said his session expired and asked him to reconnect his wallet. So he did. MetaMask popped up — “Approve access.” Nothing unusual. It wasn’t asking to send anything. Just an approval. Like what we all do 20 times a day in DeFi. He clicked Approve. And that was it. The contract had been swapped behind the scenes. The approval gave it full access to his tokens — 200,000 worth. ETH, stablecoins, some alt bags, and a couple of NFTs. Gone. In under 20 seconds. He stared at the screen for a minute, waiting for it to refresh. Then he opened Etherscan and saw the wallet drain in real-time. He texted me just two words: “It’s gone.” It wasn’t some new project or rugpull. No Discord shills, no too-good-to-be-true presale. It was one tired click. On a normal day. On a site he trusted. Josh is crushed, obviously. But he’s not alone. The scam contract had hit hundreds of wallets. DNS hijack. Looked 100% legit. If you’re reading this, let his mistake be your warning: • Never approve contracts casually, especially when tired or distracted. • Use a burner wallet when browsing or testing things. • Revoke old permissions regularly (use http://revoke.cash). • Triple-check your transactions (use http://pocketuniverse.app). • Treat MetaMask like it’s loaded with C4. One wrong click is all it takes. Josh’s 200K lesson could’ve been any of us.