A crypto investor has reportedly lost approximately $1.08 million worth of Aave Ethereum LBTC (aEthLBTC) after unknowingly approving a malicious transaction signature, triggering a large-scale asset drain.
According to PANews, the incident was identified by Scam Sniffer, which confirmed that attackers exploited a fraudulent permission authorization. Once the approval was granted, the stolen assets were immediately converted into Ethereum (ETH) and swiftly laundered through Tornado Cash, significantly reducing the chances of fund recovery.
Security analysts note that the phishing group behind the attack is highly sophisticated and does not belong to mainstream scam operations. This incident reinforces the growing threat of authorization-based exploits across decentralized finance (DeFi).
Experts strongly advise users to verify transaction permissions, avoid interacting with unknown smart contracts, and rely on trusted wallets and security tools to minimize risk.
