- A delayed phishing attack drained $3.05M from a wallet after 458 days due to unchecked ERC-20 token approvals by the user.
- India’s Enforcement Directorate raided 11 locations after scammers laundered $29M in crypto by impersonating officials and tech agents.
- Users face rising risks from perpetual token approvals, as scammers exploit wallet permissions that users ignore and the high gas fees required to revoke them.
A major phishing scam has just cost a crypto user $3.05 million in a sophisticated long-term wallet attack. The incident, reported only six hours ago, has sent shockwaves through the crypto community.
According to Scam Sniffer and BlockBeats, the user unknowingly signed a malicious transaction that gave scammers lasting access to their wallet. The theft occurred after 458 days of silence—when the wallet had finally accumulated a sizable balance.
This attack was enabled by the technical mechanics of ERC-20 tokens: the signed transaction granted the scammer indefinite approval rights. Once the wallet became valuable enough, the scammer—identified by address “0x67E5Ae”—executed a single massive withdrawal on August 2 at 4:57 a.m. UTC. The funds, mostly in USDC, had been deposited earlier via MetaMask and Kraken.
Delayed Attacks and Token Approvals: A Rising Threat
These approval-based scams are no longer isolated. Instead, they are growing into a full-blown security crisis. Many users unknowingly sign permissions that remain active forever. Without revoking them manually, their wallets stay vulnerable. Consequently, attackers wait quietly until balances grow, then strike hard in one transaction.
Tools like Etherscan’s Token Approval Checker help detect risky permissions. However, revoking approvals requires paying gas fees, so many users skip this step, increasing their risk of future theft. Moreover, most crypto holders still pay too little attention to wallet hygiene. Hence, education and regular permission reviews have become urgent.
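A regular permission review of the kind described above can be scripted. The following is an added example, not code from Scam Sniffer, Etherscan or the original article: it replays ERC-20 Approval event logs for one wallet and reports approvals that are still non-zero after a chosen age. The log dictionary shape (integer `blockNumber` and `logIndex`, a joined block `timestamp`), the function names and all addresses are assumptions constructed for illustration.

```python
# keccak256("Approval(address,address,uint256)"): the ERC-20 Approval event signature
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**255  # heuristic threshold; "unlimited" requests are usually 2**256 - 1
DAY = 86400

def topic_to_address(topic):
    """Indexed address topics are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def stale_approvals(logs, owner, now, max_age_days=90):
    """Return non-zero approvals granted by `owner` older than max_age_days.

    Events are replayed in chain order, so a later approve(spender, 0) clears
    the entry. Values are the last approved amount, not the live allowance.
    """
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 Approval has 4 topics)
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = (int(log["data"], 16), log["timestamp"])
    findings = []
    for (token, spender), (amount, ts) in latest.items():
        age = (now - ts) // DAY
        if amount > 0 and age > max_age_days:
            findings.append({"token": token, "spender": spender,
                             "age_days": age, "unlimited": amount >= UNLIMITED})
    return sorted(findings, key=lambda f: -f["age_days"])

# Constructed sample data (placeholder addresses, not taken from the incident)
OWNER, TOKEN = "0x" + "11" * 20, "0x" + "aa" * 20
S1, S2, S3 = "0x" + "55" * 20, "0x" + "66" * 20, "0x" + "77" * 20
T0 = 1_700_000_000; NOW = T0 + 458 * DAY

def mk(block, spender, amount, ts):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": 0, "timestamp": ts,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)], "data": "0x%064x" % amount}

SAMPLE_LOGS = [
    mk(100, S1, 2**256 - 1, T0),        # unlimited approval, never revoked
    mk(101, S2, 5000, T0),              # limited approval...
    mk(102, S2, 0, T0 + DAY),           # ...revoked a day later
    mk(900, S3, 1000, NOW - 10 * DAY),  # recent limited approval
]
if __name__ == "__main__":
    for finding in stale_approvals(SAMPLE_LOGS, OWNER, NOW):
        print(finding)
```

Each finding identifies a spender whose approval should be revoked or confirmed as still needed; the live allowance can be lower than the reported amount if the spender has already moved tokens.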
India Cracks Down on $29M Global Crypto Fraud
Meanwhile, India’s Enforcement Directorate has cracked down on a separate crypto scam worth nearly $29 million. On Wednesday, the agency raided 11 locations, including sites in Delhi. This operation followed reports filed by the CBI and Delhi Police.
According to local sources, scammers pretended to be officials from police and tech companies. They extorted money from both local and international victims. Besides that, they posed as support agents from Microsoft and Amazon. The accused laundered Bitcoin through USDT and used hawala networks in the UAE to convert funds to cash.