A single victim has been -scammed twice in three hours, losing a total of $ 2.5 million in stablecoins.
According to Data Distributed on May 26 by Crypto Compliance Firm Cyvers, the victim sent 843,000 USDT worth (USDT) Following another 2.6 million USDT around three hours later. Cyvers said the scam uses a technique known as a Moving zero-valuea sophisticated form of onchain phishing.
Zero-value transfers are an onchain phishing technique that abuses token transfer functions to deceive users by sending real funds to attacks. Attacks take advantage of the token transferfrom function to move zero tokens from the victim’s purse to a spoofed address.
Since the amount transferred is zero, no signature of the victim’s private key is required for the integration of onchain. As a result, the victims will see the outgoing transaction in their history.
The victim may trust this address because it includes their transaction history, which is mistaken as a well -known or safe recipient. They can send real funds to the address of the attack on a future transaction.
In a high -profile case, a scammer using a zero transfer phishing attack managed to steal $ 20 million worth of The USDT before capturing the StableCoin Putorial Blacklist in Tag -Heart of 2023.
Related: Hackers who use fake ledger live app to steal seed phrases and drain crypto
Address Advanced Form of Poisoning
A transfer of zero-value is considered an evolution of Address of poisoning – A tactic in which attacks send small amounts of cryptocurrency from a purse address that closely resembles a victim’s true address, often with the same start and end of characters. The goal is to deceive the user in accidental copying and reuse of the address of the attack on future transactions, resulting in lost funds.
The procedure of how users often rely on partial matching or clipboard history when transmitting crypto. Custom addresses with a similar start and end of characters can also combine with zero-value transfers.
Related: The Industry Exec sounds alarming to the Ledger Phishing Letter delivered by USPS
Threat that grows throughout the blockchains
A January 2025 Study It was found that more than 270 million poisoning attempts took place in the BNB chain and Ethereum between July 1, 2022, and June 30, 2024. Of those, 6,000 attempts were successful, leading to losses of more than $ 83 million.
The report complies with the crypto cybersecurity firm Tugard and Onchain Trust Protocol Webacy expressing an artificial intelligence -based system for Removal of Crypto Wallet Wallet Poisoning. The new tool purportedly has a successful 97%score, tested in known attack cases.
Magazine: Crypto Scam Hub Expose Stunt Goes Viral, Kakao saw 70k Scam Apps: Asia Express
