A crypto investor lost $2.5 million in stablecoins after falling victim to a double phishing scam involving a sophisticated onchain phishing technique called zero-value transfer.
Within just three hours, the victim was tricked twice: first sending $843,000 worth of USDT and then another $2.6 million USDT to the attackers. The scam exploits the token transferFrom function to transfer zero tokens from the victim’s wallet to a spoofed address without needing the victim’s private key signature. This zero-value transaction appears in the victim’s transaction history, causing them to trust the attacker’s address and send real funds to it later.
This method, known as address poisoning, has been used in other high-profile cases, including a $20 million USDT theft in 2023 before the scammer was blacklisted by the stablecoin issuer.
The incident highlights the increasing complexity and risks of phishing scams in the crypto space, particularly those targeting stablecoins due to their perceived stability and ease of transfer.
The $2.5 million loss is specifically related to stablecoins (USDT), which are popular for their price stability pegged to the US dollar, making them attractive targets for scammers.
This case underscores the need for heightened vigilance and security awareness among crypto investors to avoid falling prey to sophisticated phishing attacks.
It's me, @justmythoughts, an ordinary Hive user looking to make the most of the platform. I will appreciate your support. Follow me for more. Thanks, Gracias :)
