Crypto User Bleeds $2.5M in Copy-Paste Scam—Twice

Another day, another ’send me your seed phrase’ horror story—except this one comes with a brutal twist. The same victim got drained not once, but twice, proving that even in decentralized finance, old-school greed still trumps common sense.

How it happened: Clipboard malware swapped wallet addresses mid-transaction. The first $2.5M vanished. Then—while reporting the theft to ’support’—they pasted their credentials into a phishing site. Poof. Another $2.5M gone.

Lesson? Crypto’s trustless ethos doesn’t cure human stupidity. And as always, the only thing decentralized about these scams is the victim’s bank balance.

SlowMist flags another security alert

SlowMist has also issued a security alert in a post where multiple users have reported receiving SMS messages from “well-known exchanges”. The message says that “Your withdrawal verification code is xxx. If you did not request this transaction, call xxx immediately for assistance.” Once calling back to the number, a user is being told that it’s a “security breach” and get connected to someone claiming to be from “hardware wallet support.”

Later, the scammers guide the victims to a phishing site and trick them into entering their mnemonic phrase. This has resulted in cold wallet thefts worth over $1 million, till now.

Recently, one of the most infamous phishing gangs in crypto, Inferno Drainer, exploited Ethereum’s latest upgrade to drain wallets. On May 24, Scam Sniffer flagged a case where a wallet recently upgraded to EIP-7702 lost nearly $150,000.

EIP-7702 is a part of the Pectra upgrade which allows Externally Owned Accounts (EOAs) to temporarily act like smart contract wallets during transactions. Slowmist founder Yu Xian stated that the Inferno Drainer carried out the theft using a more sophisticated version of traditional phishing. It was unlike any earlier scams that hijack user wallets directly.

He mentioned that the scammer used a delegated MetaMask wallet, one already authorized under EIP-7702. This allowed the hackers to approve token transfers silently through a batch authorization process. In this process, the victim unknowingly triggered an “execute” command within MetaMask that led to processing malicious batch data in the background. In the end, tokens were drained.

The digital assets industry witnesses such attacks when the market is trading high and traders are all in with the hunger to bag more profits. The crypto market has registered several highs over the last week, while the fear and greed index is flashing “Greed” among the traders. The cumulative crypto market cap is running up to hit the $3.5 trillion mark, and Bitcoin, the biggest digital asset, posted its fresh ATH of over $111,900 on May 22.

KEY Difference Wire helps crypto brands break through and dominate headlines fast