"Impersonation" Wallet Scheme to Steal 20 Million USDT Thwarted

A scammer attempted to steal 20 million USDT using a wallet address impersonation scheme but was successfully thwarted.

Details of the Impersonation Scheme
On August 01, 2023, the crypto community on Twitter noticed that stablecoin issuer Tether had blacklisted a wallet address containing 20 million USDT, effectively freezing it and preventing any further transfers.
What makes this case noteworthy is that the 20 million USDT had just been withdrawn from Binance about an hour before being frozen.
ℹ️ The #USDT on the frozen address seems to have originated from #Binance about an hour ago.
— Whale Alert (@whale_alert) August 1, 2023
According to security firm PeckShield, this was the result of a sophisticated crypto scam known as "zero transfer." In this scheme, the scammer creates a wallet address with characters identical to the victim's wallet at the beginning and end. The scammer then sends small amounts of tokens to this address, hoping the victim will later copy and paste it when transferring funds, mistakenly sending their assets to the scammer's address instead.
In this case, the scammer used the phishing address "0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570", which closely resembled the victim's address "0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570".
#PeckShieldAlert A #ZeroTransfer scammer grabbed 20M $USDT from 0x4071...9Cbc.
Intended Address: 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570
Phishing Address: 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570
#Tether $USDT has already added the scammer's address 0xa7bf...0570 to the… pic.twitter.com/Y0APPTxIrT
— PeckShieldAlert (@PeckShieldAlert) August 1, 2023
Many crypto wallet applications and DeFi platforms display only the beginning and end characters of addresses for UI simplification, which further aids scammers in executing zero transfer attacks.
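The check a wallet or withdrawal form could run before sending is sketched below as an added example (not code from PeckShield, Binance or Tether): it compares a destination against the user's trusted addresses and flags one that shares leading and trailing characters with a trusted address without matching it in full. The function names and the min_prefix/min_suffix thresholds are assumptions chosen for illustration; the two addresses are the ones quoted in the article.

```python
import string

# Addresses quoted in the article (PeckShield alert).
INTENDED = "0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570"
PHISHING = "0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570"
# Constructed sample: an address unrelated to either of the above.
UNRELATED = "0x" + "12" * 20


def normalize(addr):
    """Return the 40 hex digits of an address, lowercased; reject malformed input."""
    text = addr.strip().lower()
    body = text[2:] if text.startswith("0x") else ""
    if len(body) != 40 or any(c not in string.hexdigits for c in body):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return body


def shared_affixes(a, b):
    """Count the leading and trailing hex digits two addresses have in common."""
    a, b = normalize(a), normalize(b)
    prefix = next((i for i in range(40) if a[i] != b[i]), 40)
    suffix = next((i for i in range(40) if a[-1 - i] != b[-1 - i]), 40)
    return prefix, suffix


def check_destination(dest, trusted, min_prefix=3, min_suffix=4):
    """Classify dest as 'trusted', 'lookalike' or 'unknown' against trusted addresses.

    The thresholds are illustrative assumptions: a lookalike must share at least
    min_prefix leading and min_suffix trailing hex digits with a trusted address.
    """
    target = normalize(dest)
    for known in trusted:
        if normalize(known) == target:  # full 40-digit match, case-insensitive
            return "trusted", known
    for known in trusted:
        prefix, suffix = shared_affixes(dest, known)
        if prefix >= min_prefix and suffix >= min_suffix:
            return "lookalike", known  # mimics this trusted address
    return "unknown", None


if __name__ == "__main__":
    for dest in (INTENDED, PHISHING, UNRELATED):
        print(dest, check_destination(dest, [INTENDED]))
```

The comparison always runs over the full 40 hex digits, so a match on the displayed head and tail alone never counts as a match.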
Community and Industry Response
Binance CEO Changpeng Zhao (CZ) warned the community about the incident, highlighting that even experienced crypto investors could fall victim to such scams. CZ revealed that the victim, a seasoned Chinese crypto investor, quickly realized the mistake and contacted Binance, which in turn requested Tether to freeze the address.
I want to share this (luckily) unsuccessful, but very clever and close scam incident from yesterday 👇. Saved $20m. Hope it may also save you one day.
The scammers are so good now they generate addresses with the same starting and ending letters, which is what most people check… https://t.co/DFpdX8aNay
— CZ 🔶 BNB (@cz_binance) August 2, 2023
CZ added that Binance will need to work with the police to help recover the funds for the investor.
This incident underscores the importance of vigilance and double-checking wallet addresses before making any transfers, especially in the face of increasingly sophisticated crypto scams.