20 Million USDT Scam Foiled: Deceptive Wallet Impersonation Prevented in Time

By Tsunami 08/3/23 3:49 AM

In a surprising turn of events on August 1, 2023, the crypto community on Twitter uncovered a deceitful scheme carried out by Tether, a stablecoin issuer. The company blacklisted a wallet address containing 20 million USDT, effectively “freezing” the funds and preventing them from being transferred elsewhere.

What makes this discovery even more noteworthy is that the 20 million USDT was only recently withdrawn from Binance, just an hour before it was frozen.

ℹ️ The #USDT on the frozen address seems to have originated from #Binance about an hour ago.

— Whale Alert (@whale_alert) August 1, 2023

According to cybersecurity firm PeckShield, this incident is the result of a sophisticated crypto scam known as “zero transfer.” In this method, malicious actors create a wallet address with characters at the beginning and end identical to the victim’s wallet address. They then perform transactions, sending small amounts of tokens to this deceptive address to camouflage their activities. Later, when the victim attempts to transfer funds out, they may inadvertently select the imposter address, falling prey to the scammer’s trap.

#PeckShieldAlert A #ZeroTransfer scammer grabbed 20M $USDT from 0x4071…9Cbc.
Intended Address: 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570
Phishing Address: 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570#Tether $USDT has already added the scammer’s address 0xa7bf…0570 to the… pic.twitter.com/Y0APPTxIrT

— PeckShieldAlert (@PeckShieldAlert) August 1, 2023

In the recent case, the attacker utilized a phishing address, “0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570,” which shares the first five and last six characters with the victim’s legitimate address, “0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570.” Many crypto wallet applications and DeFi platforms display only the first and last characters of an address for user interface purposes, unwittingly enabling attackers to exploit the zero transfer attack.

Changpeng Zhao, CEO of Binance, issued a warning to the community, acknowledging that anyone could fall victim to this trap. The targeted individual in this incident, as per CZ, was an experienced Chinese crypto investor. He shared the details on Twitter, stating that they were fortunate enough to detect the scam quickly, saving themselves from a loss of $20 million. CZ emphasized the importance of recognizing these tactics and taking preventive measures.

I want to share this (luckily) unsuccessful, but very clever and close scam incident from yesterday 👇. Saved $20m. Hope it may also save you one day.

The scammers are so good now they generate addresses with the same starting and ending letters, which is what most people check… https://t.co/DFpdX8aNay

— CZ 🔶 Binance (@cz_binance) August 2, 2023

The scammers have become adept at generating addresses with matching starting and ending letters, capitalizing on the tendency of people to check only those portions when conducting a crypto transfer. Additionally, many wallets obscure the middle part of an address with ellipses (“…”) to improve the user interface. As a consequence, when users attempt to copy an address from a previous transaction, they may inadvertently choose the wrong one, as was the case in this recent incident.

Fortunately, the victim noticed the error immediately after the transaction and acted swiftly to request the freezing of the USDT funds. The process to reclaim the funds will involve filing a police report, but at least the scammers won’t be able to abscond with the money.

As exemplified in this incident, a prompt response is crucial in such recovery efforts. It serves as a vital reminder for all crypto users to exercise utmost caution and vigilance to avoid falling victim to such scams. The crypto community should stay informed about emerging threats and employ necessary security measures to protect their assets effectively.