Double phishing attack deprived crypto investor of $2.5 million

The attack was carried out using the 'zero transfer' method, one of the forms of on-chain phishing. The method involves sending the victim a transaction with a zero amount, which appears in the transaction history. This creates an illusion of legitimacy for the scammer's address, and the user, relying on the transaction history, may inadvertently copy and use the scammer's address for a real fund transfer.

In the described Cyvers case, the scammer used an address similar to a legitimate one, which misled the victim. The victim initially sent 843,000 USDT to the scammer's address, and just three hours later, unaware of the deception, transferred another 1.75 million USDT to the same scammer — resulting in total losses of about 2.6 million USDT.