Key Notes
- A crypto investor lost $2.6 million in stablecoins within three hours.
- The attacker used a zero-value transfer technique to trick and defraud the investor.
- The victim sent $843,000 worth of USDT, then later sent an extra 1.75 million USDT.
A victim was allegedly defrauded twice in just three hours, losing a total of $2.6 million in stablecoins to phishing scams. The first incident involved transferring $843,000 worth of USDT, and about three hours later, the victim was tricked into sending another $1.75 million USDT.
According to Cyvers, the victim was targeted by a zero-value transfer scam, a phishing technique that exploits token transfer functions to deceive users into sending real funds to attackers.
đ¨ALERTđ¨Our system has detected~2.6M $USDT loss from a targeted address poisoning scam involving zero-value transfers. A single victim was repeatedly scammed by the same attacker address.
First, the victim lost 843K $USDT.
âł About 3 hours later, the same victim sent 1.75M⌠pic.twitter.com/WWVlrZvavKâ đ¨ Cyvers Alerts đ¨ (@CyversAlerts) May 26, 2025
In this scam, the attacker transfers zero tokens from the victimâs wallet to a fraudulent address. Since no actual funds are moved, the attacker does not need access to the victimâs private key.
When the victim later checks their transaction history and sees the outgoing transfer, they might mistakenly trust the fake address, thinking itâs one theyâve dealt with before. Because of this, they could unknowingly send funds to the attackerâs address later on.
Phishing Scams
Phishing scams are commonly used by attackers to steal cryptocurrency from users. In March 2025, Coinbase users lost over $46 million to such scams. The exchange recently announced plans to compensate victims whose personal information was leaked.
In the third quarter of 2024, crypto phishing scams cost enthusiasts around $127 million, affecting about 11,000 victims by September. One victim reportedly lost $32 million after signing a permit signature.
Attackers employ various phishing techniques to steal cryptocurrency, often tricking victims into clicking on seemingly legitimate links shared on social media. In reality, these links lead to scams designed to compromise their funds.
One such technique is similar to address poisoning, where attackers send small amounts of tokens from an address that closely resembles the victimâs own wallet address.
The goal is to deceive the victim into believing this is a trusted address theyâve interacted with before, causing them to mistakenly send funds to the attackerâs address in future transactions, resulting in significant financial loss.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Rose is a crypto content writer with a strong background in finance and tech. She simplifies complex blockchain and cryptocurrency topics, offering insightful articles and market analysis to help readers navigate the evolving crypto landscape.
