A single victim was scammed two times within three hours, losing a total of $2.6 million in stablecoins.
According to data shared on May 26 by crypto compliance firm Cyvers, the victim sent 843,000 worth of USDt (USDT), followed by another 1.75 million USDt around three hours later. Cyvers said the scam used a method known as a zero-value transfer, a sophisticated form of onchain phishing.
Source: Cyvers Alert
Zero-value transfers are an onchain phishing technique that abuses token transfer functions to trick users into sending real funds to attackers. The attackers exploit the token transfer From function to transfer zero tokens from the victim’s wallet to a spoofed address.
Since the amount transferred is zero, no signature by the victim’s private key is necessary for onchain inclusion. Consequently, the victims will see the outgoing transaction in their history.
The victim may trust this address since it is included in their transaction history, mistaking it