Blockchain security service PeckShieldAlert has flagged a significant cryptocurrency scam involving a zero-transfer attack.
On August 1st, the scammer managed to pilfer 20 million USDT from an unsuspecting victim, employing a deceptive method that took advantage of the victim’s trust.
In a proactive move, Tether quickly intervened by blacklisting the scammer’s addresses, effectively freezing the stolen crypto assets within an hour of the incident.
The victim, identified as 0x407e, had previously received 10 million USDT from Binance. Following standard procedure, they initiated a transfer of the received coins to an alternate address.
It was during this transaction that the scam took place. The attacker executed a zero-value token transfer from the victim’s address to a phishing address.
The scheme unfolded hours later when the victim unwittingly transferred 20 million USDT to the scammer’s address, assuming it was their intended alternate address.
The zero-value transfer scam operates on a unique strategy that preys on users’ tendencies to focus on only the first and last digits of wallet addresses, often overlooking the complete address.
Scammers create phishing addresses that closely resemble legitimate ones, leading victims to believe they are sending tokens to their intended recipients.
These zero-value transfers do not require access to the victim’s private key, and while they don’t directly steal funds, they set the stage for future deceitful transactions.
Remarkably, Tether responded swiftly to the attack. Recognizing the severity of the situation, Tether blacklisted the addresses associated with the scammer, thereby freezing the stolen crypto assets and minimizing the potential fallout of the attack.