🔹 A shocking loss in just one morning: A cryptocurrency investor fell victim to an unusual double phishing attack, losing a total of $2.6 million in stablecoins — all within just three hours. The attackers used a clever method known as zero-value transfers, a more advanced form of address poisoning that’s becoming an increasingly serious threat in the crypto space.
🔹 Two attacks, one target: user trust
According to the cybersecurity firm Cyvers, which specializes in on-chain compliance, the victim sent two large payments within hours:
🔹 first, $843,000 USDT,
🔹 followed by another $1.75 million USDT.
Both transactions were executed using a deceptive phishing method involving zero-value transfers — a subtle and sophisticated technique that is often overlooked by even seasoned users.
🔹 How do zero-value transfers work?
This attack exploits token transfer functions to insert a fake transaction with a zero token value into the victim’s on-chain history. Since the transfer amount is zero, it doesn’t require a signature from the victim’s private key.
As a result, the fake recipient address appears in the victim’s transaction history, giving the illusion that it’s a trusted or previously used address.
📌 Then the real danger begins: The victim, believing they are sending funds to a familiar recipient, copies the address directly from history. The result? The transaction goes straight to the scammer.
🔹 Not the first case – and likely not the last
This trick isn’t new — in 2023, a hacker using the same zero-transfer phishing tactic stole $20 million in USDT before being blacklisted by the stablecoin’s issuer.
Zero-value transfers are considered an advanced form of “address poisoning,” where attackers send a tiny amount of crypto from a wallet that closely resembles the victim’s (sharing similar first and last characters). The goal is to trick users into copying and reusing the wrong address in future transactions — resulting in major losses.
🔹 A growing threat across blockchains
A January 2025 study revealed that between July 2022 and June 2024, there were more than 270 million attempted phishing attacks on BNB Chain and Ethereum. While most were unsuccessful, 6,000 succeeded, leading to over $83 million in losses.
🔹 AI to the rescue: New defense tools emerge
To fight this threat, cybersecurity firms are stepping up. Trugard, in collaboration with the trust protocol Webacy, introduced a new AI-powered system for detecting address poisoning in crypto wallets. Their tool reportedly achieved a 97% success rate during tests on known attack scenarios.
🛡️ The lesson? Don’t trust your transaction history blindly. Always double-check recipient addresses, and use advanced tools to catch subtle scams. In the world of crypto, even one click can cost millions.
#CryptoScamAlert , #CyberSecurity , #CryptoNewss , #phishing , #CryptoSecurity
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“