A crypto enthusiast experienced a devastating financial blow, losing a staggering $2.6 million in stablecoins through a cunning double phishing scam. This alarming incident unfolded within a mere three-hour window, highlighting the sophisticated methods cybercriminals are now employing. On May 26, Cyvers, a respected crypto compliance firm, laid bare the details of this intricate scheme that ensnared the victim.
The Double Whammy: How It Happened
Two separate transactions—first for $843,000 and then for $1.75 million in USDt (USDT)—were sent to the scammers. The perpetrators used a malicious tactic called a zero-value transfer, a burgeoning and intricate form of onchain phishing. This technique manipulates token transfer functions, leading victims to inadvertently send funds to fraudulent addresses. It’s a stark reminder of the ever-evolving threats lurking in the crypto realm.
Expertly exploiting the token transfer “From” function, attackers transfer zero tokens from the victim’s wallet to a counterfeit address. Because no actual tokens are moved, the transfer doesn’t require the victim’s private key signature, yet it appears in their transaction history. This trickery can deceive even seasoned crypto users into believing the address is safe, prompting them to send real funds unwittingly.
The Evolution of Phishing Tactics
The recent incident underscores the growing menace of zero-value transfers, which are essentially an advanced form of address poisoning. Address poisoning has been a thorn in the side of crypto users, with attackers sending small amounts from addresses mimicking legitimate ones, hoping the victim will accidentally reuse the wrong address during future transactions. As explored in our recent coverage of AI-Powered Court System Is Coming to Crypto With GenLayer, the integration of AI into the crypto space could potentially offer new solutions to combat such sophisticated scams.
“Zero-value transfers are a cunning evolution,” said blockchain security analyst, Fiona Zhou, commenting on the incident. “Cybercriminals are getting more creative in exploiting the inherent trust users place in their transaction history. It’s a wake-up call for all of us.”
This technique leverages the human tendency to rely on partial address matches or clipboard histories when sending crypto. By crafting addresses with similar starting and ending characters, attackers increase the likelihood of success, especially when combined with zero-value transfers.
A Growing Threat Across the Crypto Landscape
The frequency of such attacks is rising. A study released in January 2025 reported over 270 million poisoning attempts on major blockchains like BNB Chain and Ethereum between mid-2022 and mid-2024. Alarmingly, 6,000 of these attempts were successful, culminating in losses exceeding $83 million.
In response to this burgeoning threat, companies like Trugard and Webacy are developing AI-driven systems to detect address poisoning. These technologies, boasting a 97% success rate in trials, offer a glimmer of hope for enhancing security in an industry fraught with risks. This follows a pattern of technological integration, which we detailed in Multi-wallet usage up 16%, but AI may address crypto fragmentation gap.
However, the road to comprehensive protection is long and fraught with hurdles. As hackers continue to refine their tactics, the crypto community must remain vigilant and proactive in safeguarding digital assets. The recent high-profile case where a scammer swindled $20 million in USDT using a similar phishing method—only to be blacklisted by the stablecoin’s issuer—serves as a sobering reminder of the stakes involved.
Looking Ahead: Vigilance and Innovation
As the crypto landscape evolves, so too do the strategies of those who seek to exploit it. The incident involving the loss of $2.6 million underscores the need for enhanced awareness and technological innovation to protect against increasingly sophisticated scams. While tools like those developed by Trugard and Webacy show promise, the community at large must foster an environment of continuous education and security consciousness.
In the end, the battle against crypto fraud is a game of cat and mouse. Users must remain informed and cautious, while developers and security firms must stay one step ahead of the perpetrators. The question now is whether the industry can adapt quickly enough to outpace the ever-evolving threats. As always, the crypto world watches and learns, one block at a time.
Source
This article is based on: Crypto investor loses $2.6M in stablecoins in double phishing scam
Further Reading
Deepen your understanding with these related articles:
- AI Crypto Agents Are Ushering in a New Era of ‘DeFAI’
- Google Adds Blockchain Tech to Wallet to Let Users Prove Age Without Sharing Data
- Visa and Baanx Launch USDC Stablecoin Payment Cards
Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com when he ran for four years and was able to lead currency.com to being fully acquired in 2025.
