In a shocking incident, a scammer successfully executed a zero transfer phishing attack and managed to steal a staggering $20 million worth of Tether (USDT) on August 1. The stablecoin’s issuer, Tether, quickly blacklisted the scammer, but the damage was already done. This incident sheds light on the growing menace of zero transfer phishing scams in the crypto world.
According to the on-chain analytic firm PeckShield, the scammer targeted a victim address (0x4071…9Cbc) and manipulated the transaction. The victim intended to send money to the address 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570. However, the funds ended up being sent to a phishing address (0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570) due to the scammer’s intervention.
Initially, the victim’s wallet received $10 million from a Binance account. Subsequently, the victim made another transaction to another address. It was during this transfer that the scammer seized the opportunity to execute the zero transfer phishing attack. The scammer ingeniously sent a fake Zero USDT token transfer from the victim’s account to the phishing address.
It is worth noting that users often rely on checking only the first or last five digits of a wallet address, rather than the entire address. This common practice inadvertently plays into the hands of scammers, who exploit this limitation. In the case of the victim, they unknowingly sent the funds to the phishing address, believing it was the desired destination.
The modus operandi of zero transfer phishing scams is deceptively simple yet devastatingly effective. Scammers exploit the victim’s familiarity with a previously used address and create a similar-looking address under their control. By sending a transaction for zero tokens from the victim’s wallet to the phishing address, the scammer tricks the victim into believing that they are transferring funds to a legitimate address.
Unfortunately, zero transfer phishing scams have become increasingly prevalent in the crypto ecosystem over the past year. This incident is not an isolated case, as numerous instances of similar scams have come to light. In fact, the first recorded instance of a zero transfer scam occurred back in December 2022, resulting in losses of over $40 million so far.
As the crypto industry continues to thrive, it is crucial for users to remain vigilant and adopt best practices to protect their assets. Verifying the complete wallet address, rather than relying on just a few digits, is a simple but effective measure to thwart phishing attempts. Additionally, staying informed about the latest scamming techniques and exercising caution while transferring funds can go a long way in safeguarding against such attacks.
The incident serves as a reminder of the evolving nature of cyber threats in the crypto space. By collecting this article as an NFT (Non-Fungible Token), you not only preserve this moment in history but also show your support for independent journalism in the crypto industry. Take a stand against scams and contribute to the wider awareness needed to combat these malicious activities.