A scam targeting a crypto user causes him to lose 908,551 USDC. He becomes a victim of a delayed deposit that drains his mobile wallet due to a dubious approval that was signed 16 months earlier.
One crypto user lost 908,551 of their money in a sophisticated scam. The money was drained out of their wallet 16 months after unknowingly authorizing a malicious transaction. The stolen amount, which is in the form of the USD Coin (USDC), was cleared on August 2, 2025, but the swindle started with a signed authorization on April 30, 2024.
The victim approved a shady ERC-20 token, which was probably an airdrop scam or a bogus fancy site. This provided the fraudster with access to the user’s wallet; however, the theft happened more than a year later.
Scammer drains wallet 458 days after approval
The beneficiary of the money taken away by the hacker was the wallet address 0x67E5Ae with the label pink-drainer.eth. It was a breach that had happened on Aug 2, 4.57 AM UTC. On-chain information reveals that the smart contract acceptance occurred specifically 458 days ago, when the scammer could perform at a time when the wallet was containing high-value assets.
The timeline was verified by a cybersecurity company, Scam Sniffer, which stated that the attacker exploited a common phishing technique. The con artist took their time before taking action after the wallet had massive deposits.
Funds transferred before the theft occurred
On 2025-07-02, 8:41 PM UTC, the victim sent 762,397 USDC to the wallet with the address 0x6c0eB6 created in MetaMask. This was followed by a separate transaction of yet another $146,154, one hour and ten minutes later, to another Kraken exchange wallet to transfer funds to the same wallet.
The scammer followed these activities. Prior to July, only small amounts of transactions had been captured in the wallet, which is probably why it was below the radar until then. By the time the money was finally centralized, the attacker pounced and depleted the money.
Security experts urge users to manage token approvals
This case is another blow to the issue of the security of token approvals in the crypto world. At this, and almost every other step, Cam Sniffer cautioned users to watch and remove expired permissions frequently. They advised one to use applications such as the one by Etherscan, known as Token Approval check, to revoke unnecessary permissions.
Cancellation of token approvals has a gas charge, and experts caution that it is not a good bargain to save assets. In one month alone, July 2025, over 142 million dollars were stolen in 17 different attacks. The highest loss was in the crypto exchange CoinDCX. Many users are now demanding more protective measures. Meanwhile, the attacker’s identity is unknown.
The post Crypto user loses $908K in delayed wallet-draining scam first appeared on Coinfea.
