A single victim was cheated twice inside three hours and lost a complete of two.6 million US dollars in stable coins.
According to data that was shared by the Crypto Compliance company Cyvers on May 26, the victim sent a price of $ 843,000 (USDT) about three hours later, followed by an extra UST 1.75 million. According to Cyvers, the fraud used a technique often called a zero value transfer used a complicated type of Onchain Phishing.
Source: Cyvers alarm
Transfers of zero value are an onchain phishing technique that abuses token transfer functions to get users to send real means to attackers. The attackers use the token transfer from the function on zero token from the victim's wallet to a fake address.
Since the quantity transferred is zero, no signature from the victim's private secret is required for the inclusion of Onchains. As a result, the victims will see the outgoing transaction of their history.
The victim can trust this address since it accommodates its transaction history and confuses it as a well -known or secure recipient. You can then send real means to the attacker's attackers in a future transaction.
In a top-class case, a scam that steals a zero transfer phishing attack with a price of $ 20 million price $ 20 million before it was placed on the black list by the issuer of the StableCoin in the summertime of 2023.
Advanced type of address poisoning
A transfer with zero value is thought to be the event of address poisoning, a tactic through which attackers send small quantities of cryptocurrency from an item of a temporal pocket address that resembles the actual address of a victim, often with the identical start and final figures. The aim is to make the user by chance copied and reuse the attackers in future transactions, which ends up in lost means.
The technology uses how users often depend on partial address adjustments or grades when sending crypto. User-defined addresses with similar start and end signs can be combined with zero value transfers.
Threat that grow through blockchains
A study in January 2025 showed that between July 1, 2022 and June 30, 2024, over 270 million attempts at poisoning took place within the BNB chain and within the Ethereum. Of these, 6,000 attempts were successful, which led to losses over 83 million US dollars.
The report was followed by the crypto cyber security company Trugard and Onchain Trust Protocol Webacy, through which a synthetic intelligence-based system for recognizing crypto letter pocket poisoning was announced. The recent tool is claimed to have a hit rating of 97%, which was tested in known attack cases.
