$20M stolen by "Zero Transfer Scam" phishing trick

[albon]

What happened:: How many days ago, a scammer was able, through a phishing trick called "Zero Transfer Scam," to steal nearly 20 million dollars of USDT from one of the victims; the scammer generated addresses with the same first and last letters, and The scammer then sends a dust transaction to the target victim's wallet in order for his generated address to appear in the history of previous transactions, and then the victim, when sending a transaction, pick the last address in previous transactions history and copies it and transfers his funds to it, and this is not the correct address to be transferred to, but it is the address of the scammer who generated it to resemble the address of a victim, and this is what actually happened; fortunately, Tether has blacklisted the address of the scammer who managed to steal $20 million, I think the victim should get a police report to recover his stolen funds.



Reference Link: https://etherscan.io/address/0xa7bf48749d2e4aa29e3209879956b9baa9e90570#tokentxns

Amount Scammed: 20M $USDT

Additional Notes:
In conclusion: everyone should be vigilant and not rush before sending any transaction and not rely on the addresses of previous transactions in the transactions history. Lose 20 seconds of your time and copy the correct address from its correct place instead of losing 20 million in a blink of an eye.

Sources:
[1] https://twitter.com/cz_binance/status/1686764372616515585 [CEO of Binance]
[2] https://twitter.com/PeckShieldAlert/status/1686278380306731008

[CryptSafe]

What a wreckage. So sorry he had to go through as such experience. This is why it is advised to properly look into your wallet to confirm address before conducting any transaction. Ok t does not cost anything to open both application or where ever you want to copy your wallet from for your own safety.

No matter what it takes me i copy my wallet directly from the source. I do not  rely on previous transaction to copy wallet again I make sure to copy directly so I do not make any silly mistake. Sometimes laziness is what causes such big mistake.

Possibly, there is tendency that someone close to him did that to him if not how come  they sent such attack knowing that he copies wallet from previous transaction without proper confirmation. I am just curious how he could just make such mistake looking at the amount involved in the transaction.

[dansus021]

What a crazy amount of money but wait how the scammer can generate the same first later and last letter of the address as far as I know that generating specific thing like this need time and consume computing power unit.

and secondly what happened now are the phising account already move the usdt?

[Cantsay]

This is one of the reasons why it’s always best to type in your wallet address and not just copy from your transaction history aside from the fact that this could also happen there is still the possibility of malware changing the content of your clipboard into something different entirely.

And I guess majority of bitcointalkers are fund of just pasting their wallet address or most times they just check the first few characters and the last one and as soon as it matches they proceed with their transactions.

The guy should be happy that they acted really fast because if they had waited more than they did they scammer would have mixed their coin and Also the fact that USDT is a centralized token assuming it was a decentralized coin like bitcoin mhen that would have been the end of their $20M.

[Oshosondy]

What a crazy amount of money but wait how the scammer can generate the same first later and last letter of the address as far as I know that generating specific thing like this need time and consume computing power unit.

I do not know about how they are generating the address, but this is common on those blockchains like Tron and this has been known on this forum since last year that people should avoid it.

It happened when you have like over $500 worth of USDT at that time. You will see one or many phishing transactions which can be easily used to know the addresses that are not yours. It happened to me and I saw it too on this forum that week.

and secondly what happened now are the phising account already move the usdt?

It is not about the scammer to move the money. The victims saw the scammers address instead on the transaction history and used it. So the victim sent the coin to the scammer address and Tether has blocked the address.

I wonder why people will have wallet address, and their USDT wallet address is just one. The proper way is to click on receive and use the address displayed on the receive page.

[Stalker22]

Who the hell sends 20M to an address they copied from wallet history or blockchain explorer? According to the tweet, it is supposedly a "very experienced crypto operator," whatever the hell that means.

[Yamane_Keto]

Zero Transfer Scam is one of the most common fraud cases on the Ethereum blockchain and I am surprised why explorers/wallets did not try to update their codes to give alerts to users or at least not to show these addresses as it is easy to hide any transaction with a balance of less than $0.1 and thus make the success rate like this Zero fraud.

In conclusion: everyone should be vigilant and not rush before sending any transaction and not rely on the addresses of previous transactions in the transactions history. Lose 20 seconds of your time and copy the correct address from its correct place instead of losing 20 million in a blink of an eye.

Either this user is too rich and too careless to avoid verifying the address or at least sending a small amount for testing or this is a case of tax evasion.

Who the hell sends 20M to an address they copied from wallet history or blockchain explorer? According to the tweet, it is supposedly a "very experienced crypto operator," whatever the hell that means.

This is what makes me question the story. Rich can't make beginner mistakes in this way. Not to mention being a "very experienced crypto operator."

[julerz12]

This has been going on for quite a while, also called address poisoning. This scam is common on most EVM chains like Binance Smart Chain, Ethereum, and Polygon. I rarely see this happen on Arbitrum but maybe because that chain is new. While some block explorers like BSCscan and Etherscan put warnings in transactions that are deemed suspicious, such warnings don't usually show up immediately.

One good thing nowadays is the implementation of SPACE ID. Basically naming your address and it works on multiple chains. This will make your address easy to identify but the problem is, it isn't done with everybody, even exchanges themselves don't have them so it is still not reliable.

It is still best practice to double-check the destination address before sending it on a one-way street.



Read more about Address poisoning here: https://support.metamask.io/hc/en-us/articles/11967455819035-Address-poisoning-scams
SPACE ID: https://space.id/

[FatFork]

What a crazy amount of money but wait how the scammer can generate the same first later and last letter of the address as far as I know that generating specific thing like this need time and consume computing power unit.

Check out the benchmark results of high-performance, GPU-powered vanity address generators for Ethereum, like, for example, "profanity."



According to these results, it can generate a vanity address that matches eight characters in less than 30 seconds on almost any decent GPU. And if you have a GPU mining rig, I assume that the required time is even less, making it possible to generate such an address in a matter of seconds.

and secondly what happened now are the phising account already move the usdt?

CZ has already tweeted that the funds are now frozen (thanks to the "benefits" of a centralized currency such as USDT).

Positive ending for this one. The operator noticed the error right after the transaction, and we were able to request the USDT to be frozen in time. It will now take some process, including filing a police report, to reclaim the funds back. But at least, the funds won't leave with the scammers.

https://twitter.com/cz_binance/status/1686764372616515585

[stadus]

fortunately, Tether has blacklisted the address of the scammer who managed to steal $20 million, I think the victim should get a police report to recover his stolen funds.

Fortunately, this is the best part because if it's bitcoin, then there's no chance of recovering the funds.

I think they'll follow the process if this is the right procedure I'm reading.

https://tether.to/en/tether-token-recoveries/

But, of course, the police report is still very important, as the owner of the stolen funds has to provide everything to ensure that the funds belong to him. That way, there's a chance that the $20 million stolen from him will be recovered, also I'm thinking that more documentation is really needed like a judge decision or anything that prove his ownership.

[Odohu]

This has been going on for quite a while, also called address poisoning. This scam is common on most EVM chains like Binance Smart Chain, Ethereum, and Polygon. I rarely see this happen on Arbitrum but maybe because that chain is new. While some block explorers like BSCscan and Etherscan put warnings in transactions that are deemed suspicious, such warnings don't usually show up immediately.

One good thing nowadays is the implementation of SPACE ID. Basically naming your address and it works on multiple chains. This will make your address easy to identify but the problem is, it isn't done with everybody, even exchanges themselves don't have them so it is still not reliable.

It is still best practice to double-check the destination address before sending it on a one-way street.



Read more about Address poisoning here: https://support.metamask.io/hc/en-us/articles/11967455819035-Address-poisoning-scams
SPACE ID: https://space.id/

Thanks for sharing this and the link was also very helpful. Personally I have observed the increase in various scam formats. As a matter of fact, my wallet have many token which BSCscan was able to indenting some of them as phishing. Well, we all just have to be more careful as some people are out to paint bad image of crypto in general.

[dansus021]

Check out the benchmark results of high-performance, GPU-powered vanity address generators for Ethereum, like, for example, "profanity."



According to these results, it can generate a vanity address that matches eight characters in less than 30 seconds on almost any decent GPU. And if you have a GPU mining rig, I assume that the required time is even less, making it possible to generate such an address in a matter of seconds.

Thanks for the info.

That is crazy fast and anyone literally anyone can be the victim, tho if the scammer mixing their token before know it happen it would be doom. We must extra careful theese days scammer getting really smart.

CZ has already tweeted that the funds are now frozen (thanks to the "benefits" of a centralized currency such as USDT).

Positive ending for this one. The operator noticed the error right after the transaction, and we were able to request the USDT to be frozen in time. It will now take some process, including filing a police report, to reclaim the funds back. But at least, the funds won't leave with the scammers.

Yes hahaha "centralized" token but a feature like this is helpful when there is a scammer with a big amount of money trying to get away