Investor loses $20M in USDT phishing attack

On August 1, a phishing attack resulted in the theft of 20 million USDT (stablecoin tether) before the attacker’s account was blocked by Tether, according to Peckshield, a blockchain analytics company. The victim intended to transfer funds from her wallet to another address but fell victim to the fraudster’s scheme, which redirected the money to a phishing address that closely resembled the recipient’s address.

The fraudulent activity took place when 10 million USDT from the victim’s Binance account arrived in her wallet. The fraudster then executed a zero transaction, sending zero USDT from the victim’s account to the phishing address. Mistakenly believing that she was transferring money to a familiar address, the victim sent 20 million real USDT to the fraudster.

Tether promptly froze the attacker’s wallet for an hour as soon as the fraudulent activity was detected, a swift response that surprised the crypto community.

The main weakness that zero-transaction phishing exploits is that users often check only the first or last characters of a wallet address instead of reviewing it in its entirety.

This negligence leads users to overlook the substitution and send assets to phishing addresses. Fraudsters take advantage of this by creating addresses that closely resemble those previously used by victims. If a user has previously sent coins to a specific address for a deposit, a fraudster can send 0 coins from the user’s wallet to a phishing wallet with a similar address.

Users frequently mistake the address in such a transaction for the correct deposit address and unwittingly send their funds to the fraudster. The popularity of this type of fraud has significantly increased over the past year, with the first known case occurring in December of last year, resulting in more than $40 million in damages.

To avoid falling victim to such incidents, it is crucial for users to carefully verify the complete address of a wallet rather than relying solely on the first and last characters. Users can also implement additional security measures, such as two-factor authentication (2FA) and the use of hardware wallets.
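The full-address check recommended above can be automated before a transfer is signed. The sketch below is an added example, not part of the original report: it assumes hex-style addresses, and the names `Transfer`, `is_lookalike` and `check_destination`, as well as all addresses and amounts, are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    sender: str
    recipient: str
    amount: int  # token amount; 0 marks a zero transaction

def normalize(addr: str) -> str:
    """Lower-case and drop the 0x prefix so letter casing cannot hide a mismatch."""
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr

def is_lookalike(candidate: str, trusted: str, edge: int = 4) -> bool:
    """True when the addresses differ but share the first and last `edge` characters."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:edge] == t[:edge] and c[-edge:] == t[-edge:]

def check_destination(dest, address_book, history, edge=4):
    """Compare the complete address; return warnings (an empty list means exact match)."""
    d = normalize(dest)
    warnings = []
    if d not in {normalize(a) for a in address_book}:
        warnings.append("no exact match in address book")
    for a in address_book:
        if is_lookalike(dest, a, edge):
            warnings.append(f"imitates trusted address {a}")
    to_dest = [t for t in history if normalize(t.recipient) == d]
    if to_dest and all(t.amount == 0 for t in to_dest):
        warnings.append("seen in history only through zero-value transfers")
    return warnings

# Constructed sample data (not real addresses).
VICTIM = "0x" + "11" * 20
TRUSTED = "0xa7b4" + "1c" * 16 + "e9d3"
LOOKALIKE = "0xa7b4" + "5f" * 16 + "e9d3"  # same first/last 4 characters
HISTORY = [
    Transfer(VICTIM, TRUSTED, 1000),  # earlier genuine deposit
    Transfer(VICTIM, LOOKALIKE, 0),   # zero transaction planted by the fraudster
]

if __name__ == "__main__":
    for dest in (TRUSTED, LOOKALIKE):
        print(dest, check_destination(dest, [TRUSTED], HISTORY) or "OK")
```

A wallet or treasury script would refuse to sign, or require a second confirmation, whenever the returned list is non-empty.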
