According to on-chain data platform Lookonchain, a user has lost $3.05 million in USDT in a single phishing attack, prompting a warning to the crypto community.

The crypto user reportedly signed a malicious transfer after falling victim to a phishing attack, with the wallet subsequently drained of $3.05 million USDT as attackers gained control of it.

Someone fell victim to a phishing attack, signed a malicious transfer, and lost 3.05M $USDT! Stay alert, stay safe. One wrong click can drain your wallet. Never sign a transaction you don’t fully understand. Double-check the URL, double-check all signature requests. Verify… pic.twitter.com/39YYe1LAoz

— Lookonchain (@lookonchain) August 6, 2025

Malware scams are evolving, with a new scheme on the rise that relies on phishing emails delivering ZIP file attachments that infect user devices.

Binance recently disclosed an incident in which one of its users received an email from someone impersonating a manager at the cryptocurrency exchange. The email contained a password-protected ZIP file. Trusting the source, the user opened it, unintentionally downloading malware onto their trading device.

With the device compromised and under the attackers' control, unauthorized API-based withdrawals followed, routed through another country.

The recent incident has prompted a warning for crypto users to stay alert and safe, as one wrong click can drain their wallets. Users should never sign a transaction they do not completely understand, should double-check URLs and all signature requests, and should verify contract addresses using official sources.

Malware threat on rise

Malware threats have evolved so far this year, emerging from all across the internet. Cybercriminals are continuously seeking new means to exploit unsuspecting users, from search engines to social media feeds and even messaging apps.

While these threats are prevalent, one growing tactic deserves special attention: phishing emails containing malware attachments.

The scheme exploits victims’ trust: social engineering misleads them into opening a file, which then launches malware directly on their machine.