Scammer Exploits 458-Day-Old USDC Approval, Drains $908K
In a delayed exploit, a scammer drained $908,551 in USDC by exploiting a 458-day-old USDC token approval signed on April 30, 2024. The victim likely granted the malicious ERC-20 approval via a phishing site or fake airdrop. The wallet remained empty until July 2, 2025, when $762,397 USDC moved to MetaMask and $146,154 arrived from Kraken. On August 2, 2025, at 04:57 UTC, the attacker transferred all funds to a pink-drainer.eth address. Security firm Scam Sniffer revealed the hack, highlighting the need for regular wallet security checks and revoking old USDC token approvals to prevent future scams.
Bearish
Such a high-profile hack exploiting a 458-day-old USDC token approval undermines confidence in USDC security. In the short term, traders may pull funds from USDC, leading to increased volatility and potential peg pressures. Over the longer term, platforms and users are likely to strengthen approval management and security audits, possibly reducing USDC’s convenience and liquidity. While the exploit does not directly affect USDC’s on-chain mechanics, diminished trust in token approvals could weigh on its market stability. Overall, the incident is bearish for USDC’s price sentiment.