In a recent incident, scammers managed to steal $20 million worth of Tether (USDT) using a zero-transfer phishing attack, according to on-chain analytics firm PeckShield. The victim's wallet address, 0x4071...9Cbc, received $10 million from a Binance account before the scam unfolded. The victim then unwittingly sent this amount to another address, which the scammers then used to trick the victim. They executed a fake transfer of zero USDT tokens from the victim's wallet to a phishing address that close ly resembled the intended destination address.
Subsequently, believing they were sending the funds to their desired address, the victim transferred 20 million USDT to the scammers. Tether, the issuer of USDT, promptly froze the compromised wallet. This type of scam relies on users only checking a portion of a wallet address, which allows attackers to exploit the similarity in addresses and trick victims into sending funds to phishing addresses.
Zero-transfer phishing attacks have become increasingly prevalent within the cryptocurrency space in recent times. These scams involve perpetrators sending a fake transaction with zero tokens to an address that appears similar to the one the victim intends to use. culminated in significant losses , with over $40 million reported in damages since the first such attack occurred in December 2022.
