A crypto investor fell victim to a complex phishing scam that cost him a staggering $2.6 million in USDT. The attacker first siphoned $843,000 and then another $1.75 a few hours later.
A report by crypto compliance firm Cyvers revealed that the scammer manipulated Ethereum’s transaction history through its transferFrom function to form imaginary transactions from the victim’s wallet without the required authorization. The transactions didn’t trigger any security alert since they involved zero-value transfers.
The attacker will place their wallet address in the victim’s transaction history. The user trusts it as an outbound transaction, mistaking it for a known address, and approves it. The attack raises concerns about security and how even experienced traders could fall victim to phishing and other crypto scams.