$2.5M Gone in Hours — Victim Hit Twice in Sophisticated Stablecoin Phishing Scam
A crypto investor lost a staggering $2.6 million USDT on May 26, 2025, after falling victim twice within three hours to a sophisticated phishing scam that manipulated Ethereum’s transaction history through zero-value transfers. Could this devastating double-hit expose a critical blind spot in how even experienced traders verify wallet addresses?
The attack, which first siphoned off $843,000 and another $1.75 million, has raised serious concerns about how even seasoned traders verify wallet addresses in on-chain transactions.
The Mechanics: Zero-Value Transfers and Onchain Phishing
—
ALERT
First, the victim lost 843K $USDT.About 3 hours later, the same victim sent 1.75M… pic.twitter.com/WWVlrZvavK
According to a report by crypto compliance firm Cyvers, the scammers used Ethereum’s transferFrom function to create transactions from the victim’s wallet to spoofed addresses without needing any private key signature or user authorization.
Since the transactions involved no real value, they were automatically added to the blockchain without triggering typical security alerts.
This attack works by placing the scammer’s wallet address in the victim’s transaction history. Users who see the address logged as an outbound transaction are more likely to trust it, mistaking it for a previously interacted or known address.
In follow-up transactions, they may copy and paste the spoofed address, unknowingly sending tangible assets directly to the attacker.
Zero-value transfers are considered an advanced evolution of the older address poisoning scam.
In traditional address poisoning, scammers send tiny amounts of cryptocurrency from addresses closely resembling the victim’s legitimate contacts, often with the same starting and ending characters.
Users who rely on pattern recognition or partial address verification are more likely to fall into the trap.
Zero-value transfers take this one step further by adding the fake transaction to the user’s visible history, reinforcing false legitimacy.
Blockchain security firm Elliptic reported in 2023 that roughly 150 scammers had initiated over 176,000 of these Ethereum and BNB Chain transactions since November 2022.
While these are zero-value transactions, executing them requires considerable gas fees.
The scammers have spent over $710,000 on fees but earned more than $1.5 million in illicit proceeds, resulting in a net profit of just under $800,000, averaging about $5,500 per attacker.
In a notable precedent in May 2024, a victim of a sophisticated address poisoning scam recovered nearly all of the $71 million in stolen WBTC, thanks to swift intervention by blockchain security firm Match Systems and exchange Cryptex.
— Cryptonews.com (@cryptonews) May 12, 2024
A victim who fell prey to a sophisticated 'address poisoning' attack has successfully recovered almost all of the stolen funds.#Hack #Scamhttps://t.co/GJEcS0BfvN
Broader Impact and Defensive Measures Against Phishing Scam
The rise of zero-value transfer scams has exposed a troubling vulnerability in user behavior and how wallet interfaces present transaction data.
A January 2025 report revealed over 270 million address poisoning attempts occurred on BNB Chain and Ethereum between July 2022 and June 2024. Out of these, about 6,000 attempts were successful, resulting in losses exceeding $83 million.
— Cryptonews.com (@cryptonews) April 7, 2025
Jameson Lopp cautioned Bitcoin holders, stressing the recent surge in Bitcoin address “poisoning” attacks, where attackers mimic wallet addresses.#BitcoinPoisoning #Bitcoin #BitcoinScamhttps://t.co/NlBdbV0sSe
In response, the crypto ecosystem has started adapting. In 2023, Etherscan announced a new feature that hides zero-value token transfers by default to shield users from misleading transaction records.
Update: Zero-value token transfers are now hidden by default
— etherscan.eth (@etherscan) April 10, 2023
In recent times, 'address poisoning' attacks have phished unsuspecting users and spammed everybody else. With this update you won’t have to see these transfers anymore!
BeforeAfter pic.twitter.com/F93pWDUJ7a
While users can still choose to view them, the default setting aims to reduce confusion and prevent phishing attempts from reaching the average wallet owner.
Crypto wallet providers like Trezor have issued warnings about address poisoning and emphasized that such phishing scams, while insidious, do not involve any compromise of private keys or internal wallet security.
Instead, they rely on human error and behavioral exploitation, targeting the visual habits of users who recognize addresses by appearance or copy-paste from transaction logs without double-checking.
The post $2.5M Gone in Hours — Victim Hit Twice in Sophisticated Stablecoin Phishing Scam appeared first on Cryptonews.
Read More
Bitget Launches BGUSD Stablecoin Offering, Bridges DeFi and TradFi
Hackers strike again: Cork Protocol loses $12M in latest incident
$2.5M Gone in Hours — Victim Hit Twice in Sophisticated Stablecoin Phishing Scam
A crypto investor lost a staggering $2.6 million USDT on May 26, 2025, after falling victim twice within three hours to a sophisticated phishing scam that manipulated Ethereum’s transaction history through zero-value transfers. Could this devastating double-hit expose a critical blind spot in how even experienced traders verify wallet addresses?
The attack, which first siphoned off $843,000 and another $1.75 million, has raised serious concerns about how even seasoned traders verify wallet addresses in on-chain transactions.
The Mechanics: Zero-Value Transfers and Onchain Phishing
—
First, the victim lost 843K $USDT.
According to a report by crypto compliance firm Cyvers, the scammers used Ethereum’s transferFrom function to create transactions from the victim’s wallet to spoofed addresses without needing any private key signature or user authorization.
Since the transactions involved no real value, they were automatically added to the blockchain without triggering typical security alerts.
This attack works by placing the scammer’s wallet address in the victim’s transaction history. Users who see the address logged as an outbound transaction are more likely to trust it, mistaking it for a previously interacted or known address.
In follow-up transactions, they may copy and paste the spoofed address, unknowingly sending tangible assets directly to the attacker.
Zero-value transfers are considered an advanced evolution of the older address poisoning scam.
In traditional address poisoning, scammers send tiny amounts of cryptocurrency from addresses closely resembling the victim’s legitimate contacts, often with the same starting and ending characters.
Users who rely on pattern recognition or partial address verification are more likely to fall into the trap.
Zero-value transfers take this one step further by adding the fake transaction to the user’s visible history, reinforcing false legitimacy.
Blockchain security firm Elliptic reported in 2023 that roughly 150 scammers had initiated over 176,000 of these Ethereum and BNB Chain transactions since November 2022.
While these are zero-value transactions, executing them requires considerable gas fees.
The scammers have spent over $710,000 on fees but earned more than $1.5 million in illicit proceeds, resulting in a net profit of just under $800,000, averaging about $5,500 per attacker.
In a notable precedent in May 2024, a victim of a sophisticated address poisoning scam recovered nearly all of the $71 million in stolen WBTC, thanks to swift intervention by blockchain security firm Match Systems and exchange Cryptex.
— Cryptonews.com (@cryptonews) May 12, 2024
Broader Impact and Defensive Measures Against Phishing Scam
The rise of zero-value transfer scams has exposed a troubling vulnerability in user behavior and how wallet interfaces present transaction data.
A January 2025 report revealed over 270 million address poisoning attempts occurred on BNB Chain and Ethereum between July 2022 and June 2024. Out of these, about 6,000 attempts were successful, resulting in losses exceeding $83 million.
— Cryptonews.com (@cryptonews) April 7, 2025
In response, the crypto ecosystem has started adapting. In 2023, Etherscan announced a new feature that hides zero-value token transfers by default to shield users from misleading transaction records.
Update: Zero-value token transfers are now hidden by default
— etherscan.eth (@etherscan) April 10, 2023
In recent times, 'address poisoning' attacks have phished unsuspecting users and spammed everybody else. With this update you won’t have to see these transfers anymore!
Before
While users can still choose to view them, the default setting aims to reduce confusion and prevent phishing attempts from reaching the average wallet owner.
Crypto wallet providers like Trezor have issued warnings about address poisoning and emphasized that such phishing scams, while insidious, do not involve any compromise of private keys or internal wallet security.
Instead, they rely on human error and behavioral exploitation, targeting the visual habits of users who recognize addresses by appearance or copy-paste from transaction logs without double-checking.
The post $2.5M Gone in Hours — Victim Hit Twice in Sophisticated Stablecoin Phishing Scam appeared first on Cryptonews.
Read More
Bitget Launches BGUSD Stablecoin Offering, Bridges DeFi and TradFi