
Topic: $20M stolen by "Zero Transfer Scam" phishing trick (Read 143 times)

copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
Check out the benchmark results of high-performance, GPU-powered vanity address generators for Ethereum, like, for example, "profanity."



According to these results, it can generate a vanity address that matches eight characters in less than 30 seconds on almost any decent GPU. And if you have a GPU mining rig, I assume that the required time is even less, making it possible to generate such an address in a matter of seconds.

Thanks for the info.

That is crazy fast, and anyone, literally anyone, can be the victim, though if the scammer had mixed their tokens before anyone knew it happened, it would be doom. We must be extra careful these days; scammers are getting really smart.

CZ has already tweeted that the funds are now frozen (thanks to the "benefits" of a centralized currency such as USDT).

Positive ending for this one. The operator noticed the error right after the transaction, and we were able to request the USDT to be frozen in time. It will now take some process, including filing a police report, to reclaim the funds back. But at least, the funds won't leave with the scammers.

Yes, hahaha, "centralized" token, but a feature like this is helpful when there is a scammer with a big amount of money trying to get away.
hero member
Activity: 546
Merit: 516
This has been going on for quite a while, also called address poisoning. This scam is common on most EVM chains like Binance Smart Chain, Ethereum, and Polygon. I rarely see this happen on Arbitrum but maybe because that chain is new. While some block explorers like BSCscan and Etherscan put warnings in transactions that are deemed suspicious, such warnings don't usually show up immediately.

One good thing nowadays is the implementation of SPACE ID. Basically naming your address and it works on multiple chains. This will make your address easy to identify but the problem is, it isn't done with everybody, even exchanges themselves don't have them so it is still not reliable.

It is still best practice to double-check the destination address before sending it on a one-way street.



Read more about Address poisoning here: https://support.metamask.io/hc/en-us/articles/11967455819035-Address-poisoning-scams
SPACE ID: https://space.id/
Thanks for sharing this, and the link was also very helpful. Personally, I have observed the increase in various scam formats. As a matter of fact, my wallet has many tokens, some of which BSCscan was able to identify as phishing. Well, we all just have to be more careful, as some people are out to paint a bad image of crypto in general.
legendary
Activity: 3080
Merit: 1292
Hhampuz for Campaign management
Fortunately, Tether has blacklisted the address of the scammer who managed to steal $20 million. I think the victim should get a police report to recover his stolen funds.

Fortunately, this is the best part because if it's bitcoin, then there's no chance of recovering the funds.

I think they'll follow the process if this is the right procedure I'm reading.

https://tether.to/en/tether-token-recoveries/

But, of course, the police report is still very important, as the owner of the stolen funds has to provide everything to ensure that the funds belong to him. That way, there's a chance that the $20 million stolen from him will be recovered. Also, I'm thinking that more documentation is really needed, like a judge's decision or anything that proves his ownership.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
What a crazy amount of money, but wait, how can the scammer generate the same first letter and last letter of the address? As far as I know, generating a specific thing like this needs time and consumes computing power units.

Check out the benchmark results of high-performance, GPU-powered vanity address generators for Ethereum, like, for example, "profanity."



According to these results, it can generate a vanity address that matches eight characters in less than 30 seconds on almost any decent GPU. And if you have a GPU mining rig, I assume that the required time is even less, making it possible to generate such an address in a matter of seconds.

And secondly, what happened now? Has the phishing account already moved the USDT?

CZ has already tweeted that the funds are now frozen (thanks to the "benefits" of a centralized currency such as USDT).

Quote
Positive ending for this one. The operator noticed the error right after the transaction, and we were able to request the USDT to be frozen in time. It will now take some process, including filing a police report, to reclaim the funds back. But at least, the funds won't leave with the scammers.
https://twitter.com/cz_binance/status/1686764372616515585
legendary
Activity: 2492
Merit: 1164
Telegram: @julerz12
This has been going on for quite a while, also called address poisoning. This scam is common on most EVM chains like Binance Smart Chain, Ethereum, and Polygon. I rarely see this happen on Arbitrum but maybe because that chain is new. While some block explorers like BSCscan and Etherscan put warnings in transactions that are deemed suspicious, such warnings don't usually show up immediately.

One good thing nowadays is the implementation of SPACE ID. Basically naming your address and it works on multiple chains. This will make your address easy to identify but the problem is, it isn't done with everybody, even exchanges themselves don't have them so it is still not reliable.

It is still best practice to double-check the destination address before sending it on a one-way street.



Read more about Address poisoning here: https://support.metamask.io/hc/en-us/articles/11967455819035-Address-poisoning-scams
SPACE ID: https://space.id/
hero member
Activity: 406
Merit: 443
Zero Transfer Scam is one of the most common fraud cases on the Ethereum blockchain, and I am surprised that explorers/wallets did not try to update their code to give alerts to users, or at least not to show these addresses, as it is easy to hide any transaction with a balance of less than $0.1 and thus make the success rate like this Zero fraud.

In conclusion: everyone should be vigilant and not rush before sending any transaction and not rely on the addresses of previous transactions in the transaction history. Lose 20 seconds of your time and copy the correct address from its correct place instead of losing 20 million in a blink of an eye.


Either this user is too rich and too careless to avoid verifying the address or at least sending a small amount for testing or this is a case of tax evasion.

Who the hell sends 20M to an address they copied from wallet history or blockchain explorer? According to the tweet, it is supposedly a "very experienced crypto operator," whatever the hell that means.
This is what makes me question the story. The rich can't make beginner mistakes in this way. Not to mention being a "very experienced crypto operator."
legendary
Activity: 1526
Merit: 1359
Who the hell sends 20M to an address they copied from wallet history or blockchain explorer? According to the tweet, it is supposedly a "very experienced crypto operator," whatever the hell that means.
legendary
Activity: 1624
Merit: 1200
Gamble responsibly
What a crazy amount of money, but wait, how can the scammer generate the same first letter and last letter of the address? As far as I know, generating a specific thing like this needs time and consumes computing power units.
I do not know about how they are generating the address, but this is common on those blockchains like Tron and this has been known on this forum since last year that people should avoid it.

It happened when you have like over $500 worth of USDT at that time. You will see one or many phishing transactions which can be easily used to know the addresses that are not yours. It happened to me and I saw it too on this forum that week.

And secondly, what happened now? Has the phishing account already moved the USDT?
It is not about the scammer to move the money. The victim saw the scammer's address instead in the transaction history and used it. So the victim sent the coin to the scammer's address, and Tether has blocked the address.

I wonder why people will have wallet address, and their USDT wallet address is just one. The proper way is to click on receive and use the address displayed on the receive page.
hero member
Activity: 700
Merit: 541
Bitcoin Casino Est. 2013
This is one of the reasons why it’s always best to type in your wallet address and not just copy from your transaction history. Aside from the fact that this could also happen, there is still the possibility of malware changing the content of your clipboard into something different entirely.

And I guess the majority of bitcointalkers are fond of just pasting their wallet address, or most times they just check the first few characters and the last one, and as soon as it matches they proceed with their transactions.

The guy should be happy that they acted really fast, because if they had waited more than they did, the scammer would have mixed their coin. Also the fact that USDT is a centralized token; assuming it was a decentralized coin like bitcoin, then that would have been the end of their $20M.
copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
What a crazy amount of money, but wait, how can the scammer generate the same first letter and last letter of the address? As far as I know, generating a specific thing like this needs time and consumes computing power units.

And secondly, what happened now? Has the phishing account already moved the USDT?
sr. member
Activity: 728
Merit: 421
What a wreckage. So sorry he had to go through such an experience. This is why it is advised to properly look into your wallet to confirm the address before conducting any transaction. It does not cost anything to open both applications or wherever you want to copy your wallet from for your own safety.

No matter what it takes me, I copy my wallet directly from the source. I do not rely on previous transactions to copy the wallet again; I make sure to copy directly so I do not make any silly mistake. Sometimes laziness is what causes such a big mistake.

Possibly, there is a tendency that someone close to him did that to him; if not, how come they sent such an attack knowing that he copies the wallet from a previous transaction without proper confirmation? I am just curious how he could just make such a mistake looking at the amount involved in the transaction.
legendary
Activity: 1890
Merit: 1537
What happened: How many days ago, a scammer was able, through a phishing trick called "Zero Transfer Scam," to steal nearly 20 million dollars of USDT from one of the victims; the scammer generated addresses with the same first and last letters, and the scammer then sends a dust transaction to the target victim's wallet in order for his generated address to appear in the history of previous transactions, and then the victim, when sending a transaction, picks the last address in the previous transaction history, copies it and transfers his funds to it, and this is not the correct address to be transferred to, but it is the address of the scammer who generated it to resemble the address of a victim, and this is what actually happened. Fortunately, Tether has blacklisted the address of the scammer who managed to steal $20 million. I think the victim should get a police report to recover his stolen funds.



Reference Link: https://etherscan.io/address/0xa7bf48749d2e4aa29e3209879956b9baa9e90570#tokentxns

Amount Scammed: 20M $USDT


Additional Notes:
In conclusion: everyone should be vigilant and not rush before sending any transaction and not rely on the addresses of previous transactions in the transaction history. Lose 20 seconds of your time and copy the correct address from its correct place instead of losing 20 million in a blink of an eye.

Sources:
[1] https://twitter.com/cz_binance/status/1686764372616515585 [CEO of Binance]
[2] https://twitter.com/PeckShieldAlert/status/1686278380306731008
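
Added example, not part of any post in this thread: a wallet-side check that compares every counterparty in a transfer history against a trusted address book and flags entries that match a trusted address only at the first and last characters, the pattern the thread describes. All addresses, function names and the 4-character thresholds are assumptions constructed for illustration.

```python
HEX = set("0123456789abcdef")

def normalize(addr):
    """Lower-case an EVM address and require 0x + 40 hex characters."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def shared_ends(a, b):
    """Count matching hex characters at the start and at the end."""
    x, y = a[2:], b[2:]
    prefix = 0
    while prefix < 40 and x[prefix] == y[prefix]:
        prefix += 1
    suffix = 0
    while suffix < 40 - prefix and x[-1 - suffix] == y[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def find_lookalikes(trusted, history, min_prefix=4, min_suffix=4):
    """history: (address, amount) pairs. Returns entries imitating a trusted address."""
    known = {normalize(t) for t in trusted}
    findings = []
    for addr, amount in history:
        a = normalize(addr)
        if a in known:
            continue  # exact full-length match: this is the real address
        for t in sorted(known):
            p, s = shared_ends(a, t)
            if p >= min_prefix and s >= min_suffix:
                findings.append({"address": a, "imitates": t, "prefix": p,
                                 "suffix": s, "zero_value": amount == 0})
    return findings

# Constructed sample data (not real addresses from the incident).
TRUSTED = "0xA1B2C3D4" + "0" * 24 + "E5F6A7B8"
LOOKALIKE = "0xa1b2" + "9" * 32 + "a7b8"   # same first 4 and last 4 hex chars
UNRELATED = "0x" + "5c" * 20
HISTORY = [(TRUSTED, 1500.0), (LOOKALIKE, 0), (UNRELATED, 25.0)]

if __name__ == "__main__":
    for f in find_lookalikes([TRUSTED], HISTORY):
        print(f)
```

A flagged entry should be hidden from, or clearly marked in, any "recent addresses" list; the only safe comparison before sending is the full 40-character address.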