Crypto investor loses $2.6M in stablecoins in double phishing scam
|A single victim was scammed two times within three hours, losing a total of $2.6 million in stablecoins.
According to data shared on May 26 by crypto compliance firm Cyvers, the victim sent 843,000 worth of USDt , followed by another 1.75 million USDt around three hours later. Cyvers said the scam used a method known as a zero-value transfer, a sophisticated form of onchain phishing.
Source: Cyvers Alert
Zero-value transfers are an onchain phishing technique that abuses token transfer functions to trick users into sending real funds to attackers. The attackers exploit the token transfer From function to transfer zero tokens from the victim’s wallet to a spoofed address.
Since the amount transferred is zero, no signature by the victim’s private key is necessary for onchain inclusion. Consequently, the victims will see the outgoing transaction in their history.
The victim may trust this address since it is included in their transaction history, mistaking it as a known or safe recipient. They may then send real funds to the attacker’s address in a future transaction.
In one high-profile case, a scammer using a zero-transfer phishing attack managed to steal $20 million worth of USDT before getting blacklisted by the stablecoin’s issuer in the summer of 2023.
Advanced form of address poisoning
A zero-value transfer is considered an evolution of address poisoning, a tactic where attackers send small amounts of cryptocurrency from a wallet address that resembles a victim’s real address, often with the same starting and ending characters. The goal is to trick the user into accidentally copying and reusing the attacker’s address in future transactions, resulting in lost funds.
The technique exploits how users often rely on partial address matching or clipboard history when sending crypto. Custom addresses with similar starting and ending characters can also be combined with zero-value transfers.
Threat growing across blockchains
A January 2025 study found that over 270 million poisoning attempts occurred on BNB Chain and Ethereum between July 1, 2022, and June 30, 2024. Of those, 6,000 attempts were successful, leading to losses over $83 million.
The report followed crypto cybersecurity firm Trugard and onchain trust protocol Webacy announcing an artificial intelligence-based system for detecting crypto wallet address poisoning. The new tool purportedly has a success score of 97%, tested across known attack cases.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.