A single victim was cheated twice in three hours, losing a total of $ 2.6 million in Stablecouins.
According to data Shared on May 26 by Crypto Cyvers Cyvers, the victim sent USDT (USDT), and then another USDT $ 1.75 million about three hours later. Cyvers said that the fraud was used a method known as the transfer of zero value, the sophisticated form of phishing on onchain.
Zero value transfers are a phishing technique that abuses the token transfer function to deceive users to send real funds to attackers. The attackers operate the token transfer from the function to transfer zero token from the victim’s portfolio to a forged address.
Since the transferred amount is zero, no private signature is necessary to turn on onchain. Therefore, the victims will see the outgoing transaction in their history.
The victim can trust this address because it is included in the history of transactions, confusing him as a well -known or unthreatening recipient. Then they can send real funds to the address of the attacker in the future transaction.
In one high -profile case, a fraudster using a zero phishing attack managed to steal USDT $ 20 million before he was on the black list by the Issuer Stablecoin in the summer of 2023.
Related: Hackers using a counterfeit Ledger Live application to steal seed phrases and drainage cryptocurrencies
Advanced form of address poisoning
The transfer of zero value is considered the evolution of address poisoning, tactics in which the attackers send diminutive amounts of cryptocurrencies from the portfolio address, which resembles the true address of the victim, often with the same pre -and final signs. The goal is to save the user to accidentally copy and reuse the attacking address in future transactions, which results in lost funds.
The technique uses how users often rely on the partial matching of the address or history of the clipboard when sending Crypto. Custom addresses with similar initial and end signs can also be combined with zero value transfers.
Related: The exec industry sounds an alarm on the Ledger phishing list provided by USPS
Threat growing in blockchains
January 2025 test He stated that over 270 million attempts at poisoning took place in the BNB and Ethereum chain between July 1, 2022 and June 30, 2024, of these 6,000 attempts were successful, which led to losses of over $ 83 million.
The report was in line with Crypto Cyberscurity security Trugard and Onchain Trust Protocol Webca, announcing a system based on artificial intelligence to detect poisoning in a cryptocurrency portfolio. The fresh tool allegedly has the result of 97%success, tested in known cases of attack.
Warehouse: Crypt Hub Expose Caske becomes viral, cocoa detects 70k fraud applications: Asia Express
