DEA Duped by Common Crypto Scam, Sends $55K to Wrong Address
The DEA's carelessness caused them to transfer $55,000 to scammers.
In May, the U.S. Drug Enforcement Administration (DEA) was tricked by a common crypto scam, resulting in a loss of over $50,000 in USDT.
According to a search warrant examined by Forbes, the DEA had seized approximately $500,000 in Tether from two Binance accounts believed to be laundering illicit drug money. The confiscated amount was stored in a Trezor hardware wallet under the DEA’s control.
The scam happened after the DEA sent a test transaction to the U.S. Marshals Service, the enforcement arm of the federal court system. In order to fool the DEA, the scammer quickly created a fake wallet with the same first five and last four characters as the Marshals’ wallet. The scammer then airdropped small amounts of Tether to the DEA’s wallet to make it appear as if the fake wallet belonged to the Marshals Service.
The trick worked: the DEA didn’t bother checking the full wallet address while transferring funds and sent over $55,000 in crypto to the scammer.
The attacker used a common scam known as address poisoning, which “involves scammers sending transactions of no value to your account from an address that’s very similar…. Their hope is that you will then absent-mindedly copy this address from your transaction history in the future,” according to MetaMask.
Bad actors can use vanity address generation tools to mine addresses similar to the ones their victims regularly interact with. Perpetrators of these scams generate millions of wallet addresses to find convincing matches, and address poisoning schemes are possible on Bitcoin, Ethereum, and many other Layer-1s.
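A defensive check for the pattern described above, as an added example that is not part of the original article: before a transfer is signed, compare the destination against an allowlist using the full address, and flag any address that only matches on the first five and last four characters. The function names, the dust threshold, and the Ethereum-style hex sample addresses are assumptions constructed for illustration.

```python
# Added example: constructed, Ethereum-style hex addresses (assumption).
PREFIX_LEN, SUFFIX_LEN = 5, 4  # characters the article says the fake address matched

def _body(addr):
    """Lower-case hex body without the 0x prefix (hex addresses only)."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def classify_destination(dest, trusted):
    """Return ('trusted', label), ('lookalike', label) or ('unknown', None)."""
    d = _body(dest)
    bodies = {label: _body(addr) for label, addr in trusted.items()}
    for label, t in bodies.items():
        if d == t:  # full-length comparison, the step that was skipped
            return ("trusted", label)
    for label, t in bodies.items():
        if d[:PREFIX_LEN] == t[:PREFIX_LEN] and d[-SUFFIX_LEN:] == t[-SUFFIX_LEN:]:
            return ("lookalike", label)
    return ("unknown", None)

def poisoned_history_entries(history, trusted, dust_threshold=1.0):
    """Inbound low-value transfers whose sender imitates a trusted address."""
    return [
        (tx["from"], label)
        for tx in history
        for verdict, label in [classify_destination(tx["from"], trusted)]
        if verdict == "lookalike" and tx["amount"] <= dust_threshold
    ]

# Constructed sample data; none of these are real wallet addresses.
TRUSTED = {"recipient": "0xA1B2C3d4e5f60718293a4b5c6d7e8f9012345678"}
FAKE = "0xa1b2c9f8e7d6c5b4a39281706f5e4d3c2b1a5678"
HISTORY = [
    {"from": TRUSTED["recipient"], "amount": 10.0},  # genuine counterparty
    {"from": FAKE, "amount": 0.01},                   # dust from the imitation
    {"from": "0x" + "7" * 40, "amount": 0.01},        # unrelated dust
]

if __name__ == "__main__":
    print(classify_destination(FAKE, TRUSTED))
    print(poisoned_history_entries(HISTORY, TRUSTED))
```

A wallet or custody workflow would block or require a second approver on any `lookalike` verdict and hide flagged history entries from copy-paste.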
The DEA tried to freeze the funds, which is possible on Tether, after the Marshals Service alerted them, but the funds had already been converted into Bitcoin and Ethereum.
Even though the two authorities found some clues as to the identity of the scammer, like two email addresses linked to Binance accounts, the perpetrator behind the scam is still at large.