PeckShieldAlert, a crypto security and analytic firm, alerted its followers about the attack and noted the scammer’s address had already been added to Tether’s “Blacklist”.
What is a zero transfer phishing scam?
The scammer who stole the $20m USDT used a zero transfer phishing attack. This is when fraudsters send a small or zero amount of crypto to an address they are looking to scam from. Once the transaction is recorded on the victim’s wallet, the scammer hopes they will copy their wallet address and send funds to it by accident.
These scammers often use the first and last five digits of a wallet address already in use by the victim. This can see victims tricked into sending a transaction to the wrong one. Users often only check these digits as wallet addresses are long complex string of numbers and characters.
PeckShieldAlert noted that both the intended receiver and the phishing account’s wallet both began with 0xa7B and ended with E90570.
The victim in this case first received $10m from Binance and sent it over to another account. Then the scammer sent a USDT transfer into the victim’s account with the phishing address. The victim later sent $20m USDT to the scammer, not knowing that it was a phishing wallet.
Zero phishing scams rise in prominence
As crypto rose in popularity, so did the types of scams in the industry. Popular fraud methods have included fake coins, pump and dumps, and even the classic Ponzi scheme.
But there has recently been a rise in zero transfer phishing scams. The first known instance was recorded back in December 2022. It was SlowMist, a blockchain security firm, that first reported about the new scam in a blog post.
“SlowMist would like to remind you that due to the immutability of blockchain technology and the irreversibility of on-chain transactions, you should double-check the address before executing any activities,” the blog post said.
By February 2023, the blockchain analytic platform Etherscan recorded thousands of zero-value transactions per day to various victims’ wallets without their consent.
Since then, Etherscan has launched a new feature to hide zero transfers. Unveiled in February 2023, the platform said it was hiding these transfers by default to stop “poisoning” phishing attacks.
This is an optional feature and users are able to turn it back on if preferred.
Similarly, the crypto wallet SafePal also took measures to restrict the influence of zero transfer scams. The platform now automatically hides zero-value transactions, while also ensuring the first and last 10 digits of the wallet address is shown.
Is phishing the most popular crypto scam?
The prevalence of phishing in the crypto industry has been noted recently by Forta Network, a blockchain security company. It noted that in May 2023 alone, almost 8,000 blockchain wallets were created by scammers to receive crypto from fraud victims.
Ice phishing was the most used attack by fraudsters. It was responsible for 55% of all scams registered by the Forta Network.
The scammer tricks someone into signing a blockchain transfer, which grants access to their wallet. The phisher is then able to steal all their funds. It is usually done through websites that look convincingly like already existing crypto services.
Other versions see victims tricked into using fraudulent decentralised applications, like exchanges. They are often persuaded with the lure of a free token airdrop or promises of a highly profitable return.