According to Cointelegraph: An unfortunate cryptocurrency holder has reportedly lost a staggering $4.46 million to a phishing scam. The sum, denominated in Tether (USDT), was transferred out of a Kraken exchange wallet and eventually ended up in an address allegedly controlled by a scammer.
Blockchain security company PeckShield has identified this address as linked to a phishing attacker. On September 20, Scam Sniffer, another blockchain scam tracking platform, suggested that the funds were moved to an address associated with a fraudulent Coinone crypto mining exchange.
A user-compiled Dune Analytics dashboard indicates that scams like this have led to thefts of around $337.1 million in USDT, affecting nearly 21,953 individuals. According to the Global Anti-Scam Organisation (GASO), this scam likely employs the technique of approval mining which tricks victims into allowing unlimited withdrawals from their wallets.
Highlighting the mechanics of such a scam, GASO explained that fraudsters do not need a victim's seed phrase to execute the scam. Instead, they deceive victims into authorizing unlimited access to their wallet via the USDT smart contract under the guise of a nominal Ether network fee for participation in a false mining pool. The resulting digital signature is all the attackers need for unlimited withdrawals.
