Scammer Steals $20 Million in USDT from Tether

A scammer used a zero-day phishing attack to steal $20 million worth of USDT.
A zero-day scam involves a malicious party redirecting funds to a wallet address similar to a user’s known address.
Tether instantly recognized the attack and blacklisted the scammer, and froze the funds.

A zero-transfer scammer managed to siphon $20 million worth USDT on August 1, 2023, before being immediately blacklisted. The perpetrator executed a zero-transfer phishing attack to redirect the stolen funds to a malicious address.

#PeckShieldAlert A #ZeroTransfer scammer grabbed 20M $USDT from 0x4071…9Cbc.
Intended Address: 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570
Phishing Address: 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570#Tether $USDT has already added the scammer's address 0xa7bf…0570 to the… pic.twitter.com/Y0APPTxIrT
— PeckShieldAlert (@PeckShieldAlert) August 1, 2023

Via @PeckShieldAlert – X

What Happened and Tether’s Response

This sophisticated scam involved the victim receiving $10 million from a Binance account, intending to forward the funds to a specific address. However, the scammer cleverly redirected the transaction to a phishing address that bore a striking resemblance to the intended destination. Deceived by the similarities, the victim unwittingly sent a staggering 20 million USDT to the scammer’s devious address. Upon discovering the scam, Tether promptly blacklisted the wallet and froze the funds.

😏 The scammer stole $20 million $USDT, and within an hour they were already blocked by #Tether

The scammer used the zero transfer method:

1. Found an address A that often sent large amounts of USDT to the same address B.

Address: https://t.co/1OE24nfaw3 pic.twitter.com/RDfwZ9TeuD
— Alphador (@alphador_ai) August 1, 2023

Vai @alphador_ai – X

Zero-Transfer Scam Explained

In a zero-transfer attack, a scammer initiates a token-less transaction from the victim’s wallet to a slightly altered address. When the victim checks their transaction history, they may mistake the counterfeit address for a legitimate one, ultimately transferring their assets to the scammer’s control.

Zero transfer phishing scams have become alarmingly prominent in the crypto ecosystem, resulting in significant financial losses. Users typically focus on a wallet address’s first or last few digits, inadvertently overlooking potential discrepancies and falling prey to these scams.

Conclusion

The zero-transfer scam that cost the victim $20 million is a stark reminder of the importance of due diligence and awareness in the fast-paced world of cryptocurrencies. To protect against such attacks, users must exercise heightened caution when conducting transactions. Verifying the complete wallet address and employing multi-factor authentication can safeguard against phishing attempts. The swift action taken by Tether highlights the importance of vigilance and rapid response in preserving users’ assets in the crypto space.