On August 1, a scammer successfully executed a zero transfer phishing attack, stealing $20 million worth of USDT (Tether’s stablecoin) before being blacklisted by the issuer, Tether. The incident was reported by on-chain analytic firm PeckShield, shedding light on the growing concern about such scams in the crypto ecosystem.
Tether froze the wallet after detecting the theft
The victim of the scam, with the wallet address 0x4071…9Cbc, intended to send money to the address 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570. However, due to the scammer’s intervention, the funds were sent to a phishing address, 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570.
The scam unfolded when the victim’s wallet received 10 million USD from a Binance account. After sending it to another address, the scammer executed the zero transfer scam. This involved sending a fake Zero USDT token transfer from the victim’s account to the scammer’s phishing address. Subsequently, the victim mistakenly sent 20 million real USDT to the scammer, believing they were transferring the funds to a familiar address.
Tether acted swiftly to freeze the wallet once the fraudulent activity was detected. The rapid response raised eyebrows in the crypto community due to the speed at which the action was taken. The success of zero transfer phishing scams lies in the fact that users often check only the first or last five digits of a wallet address instead of the entire address.
The growing trend of zero-transfer phishing scams
This oversight leads them to send assets to phishing addresses unknowingly. Scammers exploit this behavior by creating addresses that closely resemble ones the victims have used before. For instance, if a user previously sent 100 coins to a specific address for an exchange deposit, the attacker might send 0 coins from the user’s wallet to an address that looks similar but is controlled by the scammer.
When the victim views this transaction in their history, they may assume it is the proper deposit address and proceed to send their coins directly. The prevalence of zero-transfer phishing scams has increased significantly in the crypto ecosystem over the past year, with numerous instances coming to light. The first known occurrence of this type of scam was reported in December of the previous year and has resulted in over $40 million in losses from such attacks.
To mitigate the risk of falling victim to such scams, users must exercise extreme caution when making transactions. Always verify the complete wallet address, rather than relying solely on a few digits. Additionally, implementing additional security measures, such as two-factor authentication and using hardware wallets, can further safeguard against potential scams.
As the crypto industry continues to grow, scammers are becoming increasingly creative in their fraudulent schemes. Users must remain vigilant and stay informed about the latest security threats to protect their digital assets effectively. The swift action taken by Tether in this case highlights the importance of continuous monitoring and rapid response to ensure the safety and integrity of the crypto community.
