According to Web3 Antivirus monitoring, a DeFi wallet active for more than 4.5 years was completely drained of approximately $6.5 million, which is basically the largest incident of the year. The user, who had traded and staked heavily with protocols like Lido and Aave, unknowingly signed multiple phishing “permit” signatures that allowed attackers to drain the wallet in a matter of minutes.
We've detected one of the largest wallet drainers in recent months, with total losses now surpassing $6.5M.
— Web3 Antivirus (@web3_antivirus) September 18, 2025
The victim wallet had been active for 4.5 years, trading and investing across DeFi, with significant activity on protocols like Lido and Aave. Despite this long history,… pic.twitter.com/Zfp9YhRGYj
The attackers relied on malicious approvals, disguised to look like legitimate interactions, which allowed scammers to transfer funds without further confirmation.
Stolen assets included:
Over $4M in stETH.
Significant amounts in aEthWBTC and other tokens.
Why even experienced DeFi users are vulnerable
Wallet drainers exploit human behavior rather than contract vulnerabilities. By disguising malicious approvals as standard interactions, scammers bypass wallet-level safeguards and rely on rushed user behavior.
This case shows:
Experience is no guarantee: even a veteran DeFi trader can fall victim.
Wallet protections are not enough: malicious signatures can evade wallet checks.
Attackers are evolving fast: phishing kits increasingly mimic real dApp and wallet flows.
Lessons for the Web3 ecosystem
The incident highlights the urgent need for security at the signing stage. Web3 Antivirus recommends:
Always review and verify signature requests.
Use address books for trusted wallets and contracts.
Revoke unused approvals regularly.
Rely on Web3 Antivirus security suite for extra layers of protection.
Web3 Antivirus solutions for users and businesses
For individual users: the Web3 Antivirus browser extension simulates transactions, detects malicious approvals and poisoned addresses, and warns users in real time before they sign.
For dApps and platforms: the Web3 Antivirus Data API integrates directly into transaction flows, enabling in-app safeguards, evidence-based warnings, and blocking risky interactions across the EVM.
By embedding checks at the transaction layer, Web3 Antivirus reduces the risk of catastrophic losses like the $6.5M incident.
About Web3 Antivirus
Web3 Antivirus is a Web3 security suite built by PixelPlex, a company with deep expertise in blockchain infrastructure, smart contract development, and DeFi research. The suite is dedicated to protecting crypto users and businesses from scams, malicious contracts and phishing attacks. Through its browser extension and Data API, Web3 Antivirus enables proactive defense at both the user and enterprise levels.