A victim lost $2.5 million in stablecoins after falling for two zero-value transfer phishing scams within three hours, raising concerns over address poisoning tactics.
A single victim has been scammed two times within three hours, losing a total of $2.5 million in stablecoins.
According to data shared on May 26 by crypto compliance firm Cyvers, the victim sent 843,000 worth of USDt (USDT) followed by another 2.6 million USDt around three hours later. Cyvers said the scam used a method known as a zero-value transfer, a sophisticated form of onchain phishing.
Zero-value transfers are an onchain phishing technique that abuses token transfer functions to trick users into sending real funds to attackers. The attackers exploit the token transferFrom function to transfer zero tokens from the victim’s wallet to a spoofed address.
Read more