A crypto trader lost $1 million after signing a phishing token approval, according to Cointelegraph. The incident points to a familiar onchain attack pattern: users are tricked into granting permissions that allow scammers to move assets from their wallets.
The case matters because approval phishing remains one of the most damaging attack vectors in crypto. Unlike simple impersonation attempts, these scams can exploit wallet permissions after a victim authorizes a transaction, making the approval step itself the point of failure.
Cointelegraph reported that onchain scammers netted more than $14 billion last year. That figure underscores how large the threat has become for traders, wallet users and the wider crypto ecosystem.
The incident is also a reminder that wallet interactions can carry risk even when they do not look like direct transfers. Token approvals are a common part of using decentralized applications, but malicious approvals can expose funds if users sign requests from phishing sites or fraudulent prompts.
For crypto companies and users, the loss reinforces the need for clearer transaction warnings, safer approval flows and stronger caution around wallet signatures. The available details do not identify a broader market impact, but the attack fits a larger pattern of onchain scams targeting user permissions.