Zero transfer scams have become increasingly prevalent in the crypto ecosystem, leading to over $40 million in losses in 2023 alone. On Aug. 1, a scammer successfully executed a zero transfer phishing attack. He made away with $20 million worth of Tether before being banned by the stablecoin’s issuer, Tether.
The Zero Transfer Scam and The Phishing Process
According to an update from on-chain analytic firm PeckShield, the zero transfer scammer targeted the victim’s address, 0x4071…9Cbc, and managed to grab 20 million USDT. The victim had intended to send the money to the address 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570. However, it was sent to a phishing address, 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570.
The victim’s wallet received $10 million from a Binance account before the scammer intervened. The scammer then executed a fake Zero USDT token transfer from the victim’s account to the phishing address. Hours later, the victim unwittingly transferred 20 million USDT to the scammer, believing it was going to their desired address.
Upon detecting the fraudulent activity, Tether promptly banned the scammer’s wallet. This drew attention to the speed of their action in freezing the assets.
Many users only check the first or last five digits of a wallet address rather than verifying the entire address, making them susceptible to phishing attacks. This lack of verification can lead them to send their assets to a phishing address inadvertently.
The Anatomy of a Zero Transfer Scam
To illustrate, when a victim sends coins to an address for an exchange deposit, the attacker might exploit this history. They would then send zero coins from the victim’s wallet to an address that appears similar but is controlled by the attacker. The victim, reviewing their transaction history, might assume the address displayed is the proper deposit address and unknowingly send their coins to the phishing address.
Over the past year, zero transfer phishing scams have gained traction within the crypto ecosystem, causing significant financial losses. The first documented instance occurred in December 2022, with losses totaling over $40 million from such attacks since then.
Read More:
Ukraine’s Crypto Firms Under Scrutiny as Government Demands Financials