A single wallet approval can live longer than your memory

Not long ago, researchers noticed a strange transaction on one Ethereum address. Some stETH tokens were sent to it and almost immediately forwarded to a phishing address, one so well known that both Etherscan and several crypto wallets automatically flag it as malicious.

What’s interesting is that the previous transaction involving the sender’s address was from a year and a half earlier — and that time too, the tokens ended up in wallets that are now marked as scam-related.

Could the wallet owner really have fallen for the same trap twice, 500 days apart? Hard to believe!

Here’s the most likely story:

  • At some point, the wallet owner connected their wallet to a suspicious website.
  • The scammers behind it obtained smart-contract permission (a token approval) to move funds out of the wallet.
  • A year and a half later, after recovering from that loss, the user topped up the same wallet again.
  • But that old approval was still active, and the moment new funds arrived, the malicious contract drained them.
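The timeline above, replayed against a minimal model of ERC-20 allowances (an added example, not code from the original post). The token, the addresses and the amounts are constructed placeholders; the only real constant is the `approve(address,uint256)` function selector used to build the revoke transaction's calldata.

```python
"""Why an old token approval keeps draining a wallet until it is revoked."""
from dataclasses import dataclass, field

UNLIMITED = 2**256 - 1  # the "infinite" approval many sites ask the wallet to sign


@dataclass
class Token:
    """Toy ERC-20: only the pieces the drain depends on (balances + allowances)."""
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)  # (owner, spender) -> amount

    def mint(self, to: str, amount: int) -> None:      # stands in for a top-up
        self.balances[to] = self.balances.get(to, 0) + amount

    def approve(self, owner: str, spender: str, amount: int) -> None:
        self.allowances[(owner, spender)] = amount   # approve(spender, 0) == revoke

    def allowance(self, owner: str, spender: str) -> int:
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, spender: str, owner: str, to: str, amount: int) -> bool:
        """What the malicious contract calls; succeeds whenever allowance >= amount."""
        allowed = self.allowance(owner, spender)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            return False
        self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


def replay(revoke_after_first_loss: bool):
    """Returns (first drain ok, second drain ok, remaining allowance, victim balance)."""
    token = Token()
    victim, drainer, sink = "0xVICTIM", "0xDRAINER_CONTRACT", "0xPHISHING_ADDRESS"
    token.mint(victim, 10)
    token.approve(victim, drainer, UNLIMITED)        # signed on the suspicious site
    first = token.transfer_from(drainer, victim, sink, 10)
    if revoke_after_first_loss:
        token.approve(victim, drainer, 0)            # the revoke transaction
    token.mint(victim, 5)                            # 500 days later: wallet refilled
    second = token.transfer_from(drainer, victim, sink, 5)
    return first, second, token.allowance(victim, drainer), token.balances[victim]


def revoke_calldata(spender_hex: str) -> str:
    """ABI-encoded approve(spender, 0): selector 0x095ea7b3, padded address, zero."""
    addr = spender_hex[2:] if spender_hex.startswith("0x") else spender_hex
    return "0x095ea7b3" + addr.lower().rjust(64, "0") + "0" * 64
```

Without the revoke, the second deposit is taken with the same allowance signed 500 days earlier; with it, the drainer's transfer fails and the new funds stay put.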

I’ve said it many times: your crypto wallet is a terrible login tool. How many of us actually read what we’re signing during wallet-based logins? Almost none.

And even if you use an empty wallet just for sign-ins, this story proves that a malicious contract can patiently wait for months or years until you refill it — and then instantly steal everything.

Be careful when connecting your wallet to websites.

And remember: to exchange crypto on rabbit.io, you don’t need to connect your wallet at all. You simply receive an address and send crypto manually — because that’s the easiest way to be sure you know exactly what transaction you’re authorizing.