An Ethereum wallet was drained of $908,551 worth of USDC stablecoin on August 2, 2025, after a hacker exploited a malicious token approval signed by the victim 458 days earlier. Blockchain security firm Scam Sniffer identified the theft originating from wallet address 0x67E5Ae, linked to the notorious pink-drainer.eth phishing group.
The attack executed at 4:57 am UTC targeted ERC-20 token permissions granted during an undisclosed fake event in April 2024. The victim's wallet (0x6c0eB6) remained largely inactive until July 2, 2025, when $762,397 was deposited from a MetaMask wallet followed by $146,154 from Kraken within minutes. The attacker monitored the wallet for a month before draining the accumulated funds.
Scam Sniffer emphasized this incident underscores critical risks of unrevoked long-term token approvals in DeFi, stating: "Lingering token permissions can be weaponized after long dormancy if not revoked." The breach stemmed entirely from outdated user approvals, with no compromise to Ethereum's protocol integrity or broader DeFi market impacts reported. Users are urged to regularly audit approvals using tools like Etherscan's Token Approval Checker.