Cointelegraph Bitcoin & Ethereum Blockchain News

Investor loses millions in USDT phishing scam

On May 26, 2025, a crypto investor fell victim to a series of onchain phishing attacks. Crypto compliance firm Cyvers announced that the victim had lost a total of $2.6 million in cryptocurrencies.

It all started when the user sent 843,000 Tether (USDT) to an address other than the intended recipient. Three hours later, the user sent another 1.75 million USDT to the same address. The result: all of it was lost within hours.

Cyvers announced a loss of $2.6 million

But how did the user make this mistake? According to Cyvers, the user was targeted by a zero-value transfer scam.

How does a zero-value transfer scam work?

The zero-value transfer is a deceptive scam method that exploits user confusion and can be carried out without access to the victim’s private key.

Crypto wallet addresses consist of alphanumeric characters. Although the number of characters varies for each blockchain, it is never fewer than 26. In the case of USDT, it varies from 34 to 42.

Dealing with long strings of random characters is a confusing and risky task that could cause serious losses in the event of a typo, because crypto transactions cannot be reversed due to the immutable nature of the blockchain. Therefore, users generally resort to copying wallet addresses when sending cryptocurrencies.

In zero-value transfer scams, malicious actors abuse this practice. They look through the targeted wallet and identify the addresses it has interacted with. The scammers then create a vanity address that shares the same first and last characters as one of those addresses and send a transaction that contains no value.

The idea is to place the phony address in the transaction history of the targeted wallet. A user who wants to send crypto again to a familiar address could scroll through past transactions and accidentally copy the scammer’s fake address. Consequently, the user unknowingly sends a transaction to the scammer, with no means of recovering the lost cryptocurrencies.

Zero transfer attack flow

A zero-value token transfer exploit is just one tactic of address poisoning, an umbrella term for scams that rely on trickery and do not require attackers to take control of seed phrases or private keys.
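The lookalike entries described above can be flagged before anyone copies an address out of the transaction history. The following is an added example, not code from the original article or from Cyvers; the addresses are constructed, and the four-character comparison window and dust threshold are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    sender: str    # address the incoming transfer came from
    amount: float  # token amount received


def normalize(addr: str) -> str:
    """Hex (0x...) addresses are case-insensitive; Base58 ones are not."""
    return addr[2:].lower() if addr.lower().startswith("0x") else addr


def is_lookalike(candidate: str, trusted: str, ends: int = 4) -> bool:
    """Same first and last `ends` characters as a trusted address, yet a different address."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:ends] == t[:ends] and c[-ends:] == t[-ends:]


def flag_poisoning(history, trusted, dust=1.0):
    """Return (sender, impersonated, reason) for suspicious incoming transfers."""
    findings = []
    for tx in history:
        for known in trusted:
            if is_lookalike(tx.sender, known):
                if tx.amount == 0:
                    reason = "zero-value"
                elif tx.amount <= dust:
                    reason = "dust"
                else:
                    reason = "lookalike"
                findings.append((tx.sender, known, reason))
    return findings


# Constructed sample data (assumption): these are not real addresses.
TRUSTED = "0x1a2b" + "c" * 32 + "9f8e"   # counterparty the user really pays
SPOOF = "0x1A2B" + "d" * 32 + "9F8E"     # same ends, different middle
OTHER = "0x" + "7" * 40                  # unrelated sender
HISTORY = [Transfer(TRUSTED, 843.0), Transfer(SPOOF, 0.0), Transfer(OTHER, 0.0)]

if __name__ == "__main__":
    for sender, known, reason in flag_poisoning(HISTORY, [TRUSTED]):
        print(f"{reason}: {sender} imitates {known}")
```

The unrelated zero-value transfer is not flagged: the signal is the matching first and last characters combined with a different full address, which is why comparing only the ends of an address is not a sufficient check.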

Did you know? The current crypto address landscape resembles the internet before the Domain Name System (DNS). Before DNS, users had to type numerical IP addresses to access websites. Some blockchain solutions work similarly to DNS and make wallet addresses human-readable, such as Ethereum Name Service (ENS).

Other crypto address poisoning tactics

Imitating legitimate addresses is a widely used address poisoning method, and it can also be carried out by sending small amounts of crypto to the targeted address to gain credibility.

Scammers also use sophisticated crypto wallet phishing tactics, and ones that blend them with crypto hacking methods, such as:

  • Impersonation: This method operates similarly to the zero-value transfer; the difference is that the attackers imitate high-trust entities such as a public figure or a protocol rather than randomly selected addresses. They create a vanity address that resembles the address of these entities and place the fake address in the victim’s wallet transaction history to deceive users who only look at the start and end of an address. Social engineering strategies, such as impersonation on social media, can also support this method.
  • QR codes: This tactic abuses the convenience of scanning wallet addresses via QR codes by creating fake ones. The scammers distribute these fake QR codes via social media or stick them up in physical locations to deceive careless users. QR codes can also lead to addresses that look similar to legitimate ones, which makes detection even more difficult.
  • Interception through malicious software: This type of address poisoning involves malware. Once the attackers have managed to install malware on a victim’s device, they can hijack the clipboard and replace the copied wallet address with their own. The victim pastes the attacker’s address without knowing it and sends the crypto to the attacker instead of the intended recipient.
  • Smart contract exploits: Poorly coded and unaudited smart contracts are prone to address poisoning. Attackers can take advantage of bugs and flaws in the contract, such as poor input validation and reentrancy, to trick the contract into using a fake address or to modify a critical variable mid-transaction. Consequently, users of the contract could send crypto to the attacker rather than the legitimate address.

The cost of crypto address poisoning attacks

Address poisoning has so far cost investors millions in 2025. February saw $1.8 million in losses, while March lost $1.2 million to this crypto scam. In May, a single incident exceeded both of the aforementioned months with a loss of $2.6 million.

The attacks are causing serious losses on major blockchains like Ethereum and BNB Chain. Between 2022 and 2024, around 17 million addresses were poisoned on Ethereum, with zero-value transfer attacks accounting for 7.2 million of them. Among these, 1,738 attempts succeeded and caused users to lose nearly $80 million.

During the same period, BNB Chain was affected by nearly 230 million address poisoning attempts. Users of the blockchain suffered a total of $4.5 million in losses due to 4,895 successful attacks.

The figures reveal that address poisoning is a serious threat that cannot be ignored. But how can users avoid falling victim to this scam tactic?

How to stay safe against crypto address poisoning attacks

Address poisoning is a sneaky Web3 security threat that is difficult to detect, but certain precautions can be taken to stay safe.

Of course, the most obvious security measure is to make double-checking a habit. Always verify the recipient’s wallet address before signing a transaction.

Apart from that, users can take precautions, such as:

  • Use new addresses: Create a new address for each transaction. This reduces the probability of becoming a victim of attackers who check transaction history to carry out crypto phishing.
  • Keep wallet addresses private: Avoid sharing your wallet addresses publicly. Publicly shared addresses are easier targets for malicious actors.
  • Ignore small transactions: Be careful about small crypto transfers. There is a good chance that they are address poisoning attempts.
  • Use secure crypto wallets: Use a reputable wallet with phishing protection features. Some wallets flag suspicious addresses or alert you when you paste a known scam address.
  • Follow updates: Watch for blockchain scam alerts. Platforms focused on Web3 security, such as Cyvers, PeckShield and CertiK, as well as well-known figures like ZachXBT, provide timely alerts on scams, hacks and suspicious activities that can help users avoid interacting with spoofed addresses.
  • Verify addresses: Manually check wallet addresses when scanning QR codes. Avoiding scanning codes from unreliable sources is also an effective measure.
  • Use antivirus software: Install anti-malware tools and browser extensions. Tools like Wallet Guard or Scam Sniffer can block malicious scripts and known fake sites.
  • Consider name systems: Use blockchain naming system solutions whenever possible. Transacting with human-readable names is a safer option that considerably reduces the probability of address poisoning.
  • Use secure smart contracts: Use audited and thoroughly tested smart contracts to avoid falling victim to exploits.
