On-chain sleuth ZachXBT was relieved but surprised by Tether’s immediate response to the scam.

A phishing scammer recently stole $20 million in USDT from unsuspecting victims using a zero-transfer phishing attack, blockchain security firm PeckShield reported on Tuesday.

The stolen funds were quickly frozen by Tether, the issuer behind USDT, raising questions about the speed of the victims’ response.

Zero-transfer phishing attacks

According to PeckShield, the victim intended to send funds to a wallet but was tricked into sending USDT to a phishing address that began and ended with the same set of characters.

A few days ago, the victim received $10 million in USDT from Binance and sent these funds to the required alternative address. However, while the victim was transferring the funds, the scammers sent a zero-value token transfer from the victim's address to the phishing address.

As Coinbase explained in a February blog post, the scammers began developing smart contracts in November 2022 designed to create deceptive zero-value transactions from the victim’s address to the scammer’s address, which was designed to look a lot like one of the victim’s actual addresses.

Since the value of the transfer is zero, it does not require the approval of the victim's private key to execute. While this transfer itself cannot steal funds, it can trick the victim into sending real funds to the spoofed address later, especially if the user frequently relies on their transaction history to verify the addresses they can send funds to.

Users often do not check every character of the address they are sending coins to, but only the first and last characters, which makes them more vulnerable to scams like this.
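As an added example (not code from PeckShield, Coinbase or this article), the sketch below scans a wallet's transfer history for the pattern described above: a zero-value transfer from the wallet to an address that shares its first and last characters with a known counterparty. The `Transfer` record, the addresses and the four-character window are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    sender: str
    recipient: str
    amount: int  # token base units

def _norm(addr):
    """Lower-case and strip an optional 0x prefix so comparisons are exact."""
    a = addr.lower()
    return a[2:] if a.startswith("0x") else a

def lookalike_of(addr, known, n=4):
    """Return the known address that addr imitates (same first/last n chars,
    different overall), or None."""
    a = _norm(addr)
    for k in known:
        b = _norm(k)
        if a != b and a[:n] == b[:n] and a[-n:] == b[-n:]:
            return k
    return None

def find_poisoning(history, wallet, known, n=4):
    """Flag zero-value transfers 'from' the wallet to a lookalike address."""
    hits = []
    for t in history:
        if _norm(t.sender) != _norm(wallet) or t.amount != 0:
            continue
        target = lookalike_of(t.recipient, known, n)
        if target is not None:
            hits.append((t.recipient, target))
    return hits

def check_destination(dest, address_book):
    """Compare the full address against an address book, never a prefix/suffix."""
    return _norm(dest) in {_norm(a) for a in address_book}

# Constructed sample data (not real addresses).
WALLET = "0x" + "11" * 20
REAL = "0x3f5c" + "a" * 32 + "9b21"
FAKE = "0x3f5c" + "d" * 32 + "9b21"   # same first and last 4 characters as REAL
OTHER = "0x" + "77" * 20
HISTORY = [
    Transfer(WALLET, REAL, 5_000_000),  # genuine payment
    Transfer(WALLET, FAKE, 0),          # poisoning entry
    Transfer(WALLET, OTHER, 0),         # zero-value, but not a lookalike
]
```

Running `find_poisoning` before a payment and `check_destination` on the pasted address catches the case where an address copied from transaction history is the spoofed one.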

Tether Freeze

Shortly after the transfer, Tether added the scammer’s address to its blacklist and froze the USDT held in the address.

On-chain detective ZachXBT, who has investigated and exposed many phishing scams in the past, found the company’s response speed unusual. “Curious who would it be if it was blacklisted within 1 hour,” he tweeted on Tuesday.

Twitter user 0xG00gly also expressed confusion, saying they “can’t recall a precedent where Tether would act so quickly.” ZachXBT suggested the transfer may be related to an OTC transaction.

Rival stablecoin issuer Circle previously froze transactions connected to Ethereum privacy mixer Tornado Cash at the request of the US Treasury Department; Tether did not follow up with a similar freeze.
