A crypto holder has lost $908,551 in USDC after unknowingly granting token access through a malicious smart contract over a year earlier.
The approval was signed on April 30, 2024, likely during interaction with a fake airdrop or spoofed website. The attacker waited 458 days before executing the theft on August 2, 2025, transferring the full amount to a wallet labeled pink-drainer.eth.
On-chain data shows the victim had recently moved $762K from MetaMask and another $146K from Kraken into the compromised address on July 2, giving the scammer a reason to act.
Until then, the wallet had only seen minor, low-value transactions, making it unlikely to trigger alarms. Investigators believe the attacker had been monitoring the address, waiting for a large enough balance before draining the funds.
Security analysts at Scam Sniffer emphasized that old token approvals can remain active indefinitely. They advise users to review and revoke any unnecessary permissions using tools like Etherscan’s Approval Checker, even if it costs gas.
In July 2025, over $142 million was lost across at least 17 crypto-related attacks, with this case standing out due to its long delay between approval and execution.
The information provided in this article is for informational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
Alexander Zdravkov
Reporter at Coindoo
Alexander Zdravkov is a person who always looks for the logic behind things. He is fluent in German and has more than 3 years of experience in the crypto space, where he skillfully identifies new trends in the world of digital currencies. Whether providing in-depth analysis or daily reports on all topics, his deep understanding and enthusiasm for what he does make him a valuable member of the team.
Source: https://coindoo.com/crypto-investor-wallet-drained-of-almost-1m-after-year-old-approval-ignored/