In a recent incident reported by blockchain security firm PeckShield, a phishing scammer managed to snatch $20 million worth of USDT from an unsuspecting victim using a zero transfer phishing attack.
#PeckShieldAlert A #ZeroTransfer scammer grabbed 20M $USDT from 0x4071...9Cbc.
Intended Address: 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570
Phishing Address: 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570
#Tether $USDT has already added the scammer's address 0xa7bf...0570 to the… pic.twitter.com/Y0APPTxIrT
— PeckShieldAlert (@PeckShieldAlert) August 1, 2023
The victim's funds were quickly frozen by Tether, the issuer behind USDT, raising questions about the victim's identity and the swift response.
The zero transfer phishing attack worked by tricking the victim into sending USDT to a phishing address that appeared similar to the intended wallet address.
The scammer conducted a zero-value token transfer from the victim's address to the spoofed address during a previous legitimate transaction.
These zero-value transfers do not require approval by the victim's wallet, making them deceptive and difficult to detect.
The technique exploits users who rely on their transaction history to verify addresses and often check only the first and last several characters.
This oversight can lead victims to unknowingly send real funds to the scammer's address, falling into the trap.
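The history check described above, as an added example (not code from PeckShield or the original article): it scans a wallet's outgoing transfers for zero-value entries whose destination shares leading and trailing characters with an address the wallet has actually paid. The two addresses are the ones quoted in the alert; the owner address, the history rows and the match thresholds are constructed assumptions.

```python
# Addresses quoted in the PeckShield alert.
INTENDED = "0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570"
PHISHING = "0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570"
# Constructed placeholders, not real wallets.
VICTIM = "0x" + "11" * 20
UNRELATED = "0x" + "22" * 20

def norm(addr):
    """Lowercase and drop the 0x prefix so checksum casing is ignored."""
    addr = addr.lower()
    return addr[2:] if addr.startswith("0x") else addr

def shared_ends(a, b):
    """Return (matching leading hex chars, matching trailing hex chars)."""
    a, b = norm(a), norm(b)
    def run(pairs):
        n = 0
        for x, y in pairs:
            if x != y:
                break
            n += 1
        return n
    return run(zip(a, b)), run(zip(reversed(a), reversed(b)))

def find_poisoning(history, owner, min_prefix=3, min_suffix=4):
    """Flag zero-value transfers 'from' owner to look-alikes of paid addresses."""
    sent = [t for t in history if norm(t["from"]) == norm(owner)]
    paid = {norm(t["to"]) for t in sent if t["value"] > 0}
    hits = []
    for t in sent:
        dest = norm(t["to"])
        if t["value"] != 0 or dest in paid:
            continue  # real payments and known counterparties are not suspects
        for real in sorted(paid):
            pre, suf = shared_ends(dest, real)
            if pre >= min_prefix and suf >= min_suffix:
                hits.append({"spoof": t["to"], "imitates": "0x" + real,
                             "prefix": pre, "suffix": suf})
    return hits

# Constructed sample history (values in token base units).
HISTORY = [
    {"from": VICTIM, "to": INTENDED, "value": 1_000_000},  # legitimate payment
    {"from": VICTIM, "to": PHISHING, "value": 0},          # poisoning entry
    {"from": VICTIM, "to": UNRELATED, "value": 0},         # zero-value, no resemblance
]

if __name__ == "__main__":
    for hit in find_poisoning(HISTORY, VICTIM):
        print(hit)
```

A flagged entry means the destination must be compared in full, all 40 hex characters, before any address is copied from the history.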
This phishing technique has proved to be a significant problem, resulting in a loss of $19 million in victim funds from various wallet providers between late November and Feb 13, 2023.
Tether promptly froze the USDT held at the scammer's address by adding the address to its blacklist.
This action surprised some on-chain sleuths and Twitter users who found the speed of Tether's response remarkable.
Speculation arose regarding the potential involvement of an OTC transaction.