A scammer using zero transfer phishing attack managed to steal $20 million worth of Tether (USDT) on Aug. 1 before getting blacklisted by the stablecoin’s issuer Tether.
According to an update from on-chain analytic firm PeckShield, A zero transfer scammer grabbed 20 million USDT from the victim address 0x4071...9Cbc. The intended address that the victim planned to send money to was 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570; however, it was sent to a phishing address instead: 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570.
The zero transfer phishing scam. Source: EtherscanThe victim's wallet address first received 10 million USD from a Binance account. The victim then sent it to another address before the scammer jumped in. The scammer then sent a fake Zero USDT token transfer out from the victim’s account to the scammer's phishing address. A few hours later the victim sent 20 million real USDT to the scammer thinking they are transferring to a known address.
The wallet was immediately frozen by the USDT issuer Tether raising eyebrows at the speedy nature of the action.
Curious who this would be if it was blacklisted within ~1 hr
— ZachXBT (@zachxbt) August 1, 2023The scam proposers because users generally check the first or last five digits of a wallet address and not the whole address, making them send the assets to the phishing address. The victim is tricked into sending a transaction for zero tokens from their wallet to an address that resembles one to which they have already sent tokens in the past.
How zero transfer scam works. Source: CoinbaseFor instance, if the victim sent 100 coins to an address for an exchange deposit, the attacker might send 0 coins from the victim's wallet to an address that appears to be similar but is actually controlled by the attacker. Upon viewing this transaction in their transaction history, the victim might assume that the address displayed is the proper deposit address. They might therefore send their coins directly.
Related: Is SBF secretly behind BALD? Crypto Twitter debates latest conspiracy
Zero transfer phishing scams have become quite prominent in the crypto ecosystem over the past year with multiple instances of such scams coming to light. The first instance of the zero transfer occurred in December last year and has resulted in over $40 million in losses to such attacks.
Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.
Magazine: How smart people invest in dumb memecoins — 3-point plan for succes