Crypto Investor Loses $2.6M to Double Zero-Value Transfer Phishing Scam: A Deep Dive

In a stark reminder of the evolving threats in the cryptocurrency space, a single investor lost a staggering $2.6 million in stablecoins in just three hours, falling prey to a double zero-value transfer phishing scam. This incident, highlighted by crypto compliance firm Cyvers, underscores the increasing sophistication of onchain scams and the need for heightened awareness and security measures.

The $2.6 Million Loss: A Timeline

According to Cyvers, the victim first sent 843,000 USDT (Tether) and then, approximately three hours later, another 1.75 million USDT to scam-controlled addresses. This rapid succession of losses points to a meticulously planned and executed attack, leveraging the zero-value transfer technique.

Understanding Zero-Value Transfers: A Technical Overview

Zero-value transfers are a particularly insidious form of onchain phishing. Here’s how they work:

• Exploiting the Transfer Function: Attackers abuse the token transfer ‘From’ function on blockchain networks.
• Zero Token Transfer: They initiate a transfer of zero tokens from the victim’s wallet to a spoofed address.
• No Signature Required: Because the amount transferred is zero, the transaction doesn’t require a signature from the victim’s private key for onchain inclusion.
• Poisoning Transaction History: This seemingly harmless transaction appears in the victim’s transaction history, potentially misleading them into trusting the attacker’s address in the future.

The danger lies in the victim subsequently mistaking the attacker’s address for a legitimate or familiar recipient, leading them to send real funds in subsequent transactions.

Zero-Value Transfers vs. Address Poisoning: What’s the Difference?

Zero-value transfers can be seen as an evolution of address poisoning. While both aim to deceive users into sending funds to the wrong address, they differ in their methods:

• Address Poisoning: Attackers send small amounts of cryptocurrency from an address that resembles the victim’s. The goal is for the victim to accidentally copy and reuse the attacker’s address in future transactions.
• Zero-Value Transfers: Attackers initiate a zero-value transfer from the victim’s wallet, adding the attacker’s address to the victim’s transaction history, increasing the likelihood of future mistakes.

Both techniques exploit the user’s reliance on partial address matching or clipboard history when sending crypto.

The Growing Threat: Statistics and Trends

The prevalence of address poisoning and zero-value transfer attacks is on the rise. A January 2025 study found that over 270 million poisoning attempts occurred on BNB Chain and Ethereum between July 1, 2022, and June 30, 2024. Of those, 6,000 attempts were successful, resulting in losses exceeding $83 million.

Real-World Examples: High-Profile Cases

The $2.6 million loss is not an isolated incident. In a notable case from the summer of 2023, a scammer employed a zero-transfer phishing attack to steal $20 million worth of USDT before the stablecoin issuer blacklisted the address.

Protecting Yourself: Prevention Strategies

While the threat is real, there are steps you can take to protect yourself from zero-value transfer and address poisoning attacks:

• Double-Check Addresses: Always verify the full recipient address before sending any cryptocurrency. Don’t rely on partial matching or clipboard history.
• Use Address Books: Maintain an address book of trusted contacts and addresses.
• Be Wary of Unfamiliar Transactions: Scrutinize your transaction history for any unfamiliar or unexpected transfers, even those with zero value.
• Consider Security Tools: Explore using security tools like address whitelisting and transaction simulation to mitigate risks.
• Stay Informed: Keep up-to-date on the latest phishing tactics and security best practices.

The Role of AI in Combating Crypto Scams

The fight against crypto scams is evolving with the help of artificial intelligence. Crypto cybersecurity firms are developing AI-based systems to detect address poisoning attacks. One such tool reportedly has a 97% success rate in preventing address poisoning based on testing across known attack cases.

Conclusion

The $2.6 million loss serves as a harsh reminder of the ever-present dangers in the cryptocurrency world. As scammers become more sophisticated, investors must prioritize security and adopt proactive measures to protect their assets. By understanding the tactics used by attackers and implementing robust security practices, you can significantly reduce your risk of becoming a victim of these evolving scams.