Yesterday, Forbes reported that earlier this year the US “Drug Enforcement Administration” (DEA) fell victim to a fraud that resulted in the loss of $50,000 in crypto.
The federal agency was hit with an “address poisoning” technique, also known as address spoofing, which led it to mistakenly send cryptocurrency to a scammer rather than to the intended recipient.
Tether was immediately contacted to block the scammer’s USDT account, but unfortunately there was nothing it could do to remedy the fatal mistake.
The investigation is still ongoing.
Full details below.
The US DEA victim of crypto-fraud: $50,000 stolen using the address spoofing technique
Fraud in crypto affects not only individuals but also institutions: proof of this is the very recent case in which the “Drug Enforcement Administration” (DEA) was scammed out of $50,000.
The story began in May this year when the US federal anti-drug agency seized half a million dollars in USDT from two Binance accounts suspected of attempting to launder money from illicit narcotics trafficking.
The cryptocurrencies were immediately sent to a DEA address, diligently stored via a Trezor hardware wallet stowed in a secure location.
Then, as the DEA sent a test amount of about $45 to the United States Marshals Service, a malicious user noticed the movement of funds and attempted the fraud.
In a short time, he created an address very similar to that of the US Department of Justice agency, with identical first and last characters, and then sent small fractions of cryptocurrency to the DEA via an airdrop.
This technique is known as “address poisoning” or address spoofing and consists precisely of deliberately sending tokens to the victim in the hope that the victim will later copy that sender’s address from the transaction history, mistake it for a legitimate one, and transfer assets to it.
In this case, the federal agent who was carrying out the funds transfer was so lazy that he did not check the address in full, believed it belonged to the Marshals Service, and sent the scammer a whopping $50,000 in USDT.
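The two controls that would have caught this, written out as an added example that is not part of the original article or of any DEA or wallet-vendor code: a scan of a wallet’s incoming transfers for senders that mimic an address-book entry (same leading and trailing characters, different middle), and a destination check that accepts only a full, character-for-character match. The 4+4 display window is an assumption about how a truncated wallet UI renders addresses; every address in the block is a constructed placeholder, not a real on-chain address.

```python
"""Defensive checks against address poisoning.

Added example, not part of the original article or any DEA or wallet-vendor
code. All addresses are constructed placeholders, not real on-chain addresses.
The 4-character head/tail window mirrors a truncated wallet display (assumption).
"""

import re

# 0x-prefixed, 20-byte (40 hex digit) address as used on Ethereum.
HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed placeholder addresses (not real).
DEA_WALLET = "0xd3a1" + "0" * 32 + "0dea"
MARSHALS_WALLET = "0x5a7f" + "1" * 32 + "9c4e"
LOOKALIKE = "0x5a7f" + "ab" * 16 + "9c4e"     # same head and tail as MARSHALS_WALLET
UNRELATED = "0x" + "7" * 40

ADDRESS_BOOK = {"Marshals Service": MARSHALS_WALLET}

# Constructed transaction history, as a wallet might export it.
SAMPLE_HISTORY = [
    {"from": UNRELATED, "to": DEA_WALLET, "token": "USDT", "value": 500_000.0},
    {"from": LOOKALIKE, "to": DEA_WALLET, "token": "USDT", "value": 0.1},   # unsolicited dust
    {"from": MARSHALS_WALLET, "to": DEA_WALLET, "token": "USDT", "value": 45.0},
]


def is_valid_address(addr: str) -> bool:
    """Format check only: 0x followed by exactly 40 hex digits."""
    return bool(HEX_ADDR.match(addr.strip()))


def normalize(addr: str) -> str:
    """Validate the format and lowercase the hex so two spellings compare equal."""
    addr = addr.strip()
    if not HEX_ADDR.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()


def is_lookalike(candidate: str, trusted: str, prefix_len: int = 4, suffix_len: int = 4) -> bool:
    """True when candidate shows the same head and tail as trusted in a
    truncated display but is a different address."""
    c, t = normalize(candidate)[2:], normalize(trusted)[2:]  # drop '0x'
    if c == t:
        return False
    return c[:prefix_len] == t[:prefix_len] and c[len(c) - suffix_len:] == t[len(t) - suffix_len:]


def flag_poisoning_attempts(history, address_book, prefix_len=4, suffix_len=4):
    """Return incoming transfers whose sender mimics an address-book entry.
    Each flagged entry is annotated with the label of the entry it mimics."""
    flagged = []
    for tx in history:
        for label, trusted in address_book.items():
            if is_lookalike(tx["from"], trusted, prefix_len, suffix_len):
                flagged.append({**tx, "mimics": label})
                break
    return flagged


def verify_destination(entered: str, address_book) -> bool:
    """Full-string comparison: a head/tail match is never enough to approve a transfer."""
    if not is_valid_address(entered):
        return False
    return normalize(entered) in {normalize(a) for a in address_book.values()}


if __name__ == "__main__":
    for tx in flag_poisoning_attempts(SAMPLE_HISTORY, ADDRESS_BOOK):
        print(f"WARNING: {tx['from']} mimics '{tx['mimics']}' ({tx['value']} {tx['token']} dust)")
    # Copying the dust sender out of the history instead of the address book fails here.
    print("approve look-alike:", verify_destination(LOOKALIKE, ADDRESS_BOOK))       # False
    print("approve real entry:", verify_destination(MARSHALS_WALLET, ADDRESS_BOOK))  # True
```

The design point is that the destination is resolved from a maintained address book and compared in full, so the transaction history (which the attacker can write into at will by sending dust) is never the source of a recipient address; the history scan is only there to raise an alarm that someone is trying.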
According to Ethereum’s blockchain explorer Etherscan, the individual who organized the fraud was managing assets of more than $400,000 in crypto, but had only $40,000 on the spoofing address at the time of the heist.
Jake Moore, global security consultant at cybersecurity firm ESET, commented on the DEA’s regrettable error this way:
“By only verifying the last four digits of the wallet address, agents could easily believe this to be enough, but it is yet another reminder of how important it is to verify everything and have further pairs of eyes confirm the transaction when large sums of money are involved.
Especially due to the nature of this crime where cybercriminals continue to have the upper hand when it comes to digital crime and fraud.”
The most serious thing in this fraud story is not so much the amount of crypto assets lost per se, which is relatively low, but the simplicity with which the Drug Enforcement Administration was scammed.
Address poisoning is in fact a rather trivial technique used by scammers to target inexperienced users in the industry. Federal DEA agents should be more prepared in this context since it does not involve personal money but public funds.
We hope that the author of the serious mistake will be given a crash course in digital security of crypto assets and will pay out of his own pocket for the superficiality of his act.
Failed attempt to freeze stolen USDT: investigation still ongoing
Immediately after realizing the fraud it had fallen into, the DEA tried to contact the issuing company of the USDT stablecoin, namely Tether, to try to freeze the scammer’s crypto assets.
In fact, Tether has the power to “blacklist” certain addresses, blocking the USDT contained therein and preventing it from being spent and converted to other cryptocurrencies.
This mechanism, while going against the philosophy of decentralization and financial freedom, has proven in recent years to be an effective way to prevent various hackers and scammers from using several million dollars that are the fruit of illegality.
A total of 877 addresses have been banned by Tether on the Ethereum blockchain.
Unfortunately, in this case the operators of the USDT stablecoin could do nothing more, because the coins had already been swapped for ETH, BTC and other assets and then scattered across multiple addresses to cover the trail.
An in-depth study of the scammer’s history of on-chain transactions led to the discovery that an account on Binance had sent small fractions of Ether to the offending address in order to pay the gas fees of crypto transactions.
To register for the exchange, the individual used two Gmail addresses, which are currently the main lead in the investigation.
The hope is that Google may have information on the identity behind those email addresses.
If this does not lead to new discoveries, the money will likely become impossible to recover unless the scammer commits a misstep by sending the crypto assets to an exchange with an account in his name.
However, this is quite unlikely and it is more likely that the individual will transfer the coins to decentralized mixers, launder them through NFT collections, or sell them P2P for fiat money.