Tether Swiftly Blacklists Phishing Address After $20M Theft
A scammer using a zero transfer phishing attack successfully steals $20 million in USDT only to be quickly blacklisted by the stablecoin's issuer.
Share this article
A zero transfer scammer stole $20 million worth of Tether (USDT) on August 1, only to be quickly blacklisted by the stablecoin’s issuer.
Curious who this would be if it was blacklisted within ~1 hr
— ZachXBT (@zachxbt) August 1, 2023
The scam involved the victim receiving $10 million from a Binance account, intending to send the amount to a specific address. However, it was redirected to a phishing address that resembled the intended one, with the victim subsequently sending 20 million USDT to the scammer’s address.
The deceptive method used is known as a zero transfer attack, where the scammer sends a 0 token transaction from the victim’s wallet to a similar-looking address. Confused by the similar address, the victim may then send funds to the wrong recipient.
The funds were sent to a phishing address: 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570, instead of the intended 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570.
The scammer used the zero transfer method:
1. Found an address A that often sent large amounts of USDT to the same address B.
— Alphador (@alphador_ai) August 1, 2023
Tether’s immediate action was to freeze the wallet, with some wondering if “someone serious owned address A.”
This particular scam technique involves the perpetrator sending zero tokens from the victim’s wallet to a slightly tweaked address. Consequently, the victim may confuse this counterfeit address for a legitimate one when checking their transaction history, leading them to mistakenly send their assets to the scammer.