A cryptocurrency scammer successfully stole US$20 million (AU$30.5 million) from a crypto wallet, but what appeared to be a hefty chunk of money rapidly became zero.
Why? It was quickly found out that the scammer was unable to spend the money due to a swift restriction enforced by the company behind the crypto.
Peckshield, a blockchain address tracker, documented the scamming process on Twitter/X. According to the tracker, the scammer executed a zero-transfer attack, and took off with US$20 million (AU$30.5 million).
What is a zero-transfer attack?
In the crypto world, a zero-transfer attack is a phishing method. The scammer creates a crypto wallet address that looks nearly identical to the target victim’s address. The intention is to deceive the victim into “believing that they are interacting with a familiar address and instead send funds to the attacker’s wallet,” according to Etherscan.
In this case, the victim’s address was:
However, the scammer’s address was:
We can see that the beginning and end digits and letters of the wallet address are the same, but the mix of numbers and letters in the middle are different. The victim transferred a total of 20 million USDT, a stablecoin issued by Tether. As one USDT equals US$1 (AU$1.50), they lost US$20 million (AU$30.5 million).
However, according to on-chain data, Tether seems to have noticed the fraudulent transaction in under an hour, and swiftly moved to block it. The company blacklisted the scammer’s crypto wallet address, permanently banning them from performing any USDT transactions.
At the time of writing, blockchain tracker Etherscan has subsequently labelled the address as being used for phishing scams. The wallet currently still holds the US$20 million (AU$30.5 million) in USDT, meaning that the victim did not get their millions back. In addition, the scammer’s wallet also has a remaining balance of 0.00014 ETH, or US$0.26 (AU$0.40).
Unsuccessful crypto scams
This is not the first unsuccessful attempt at stealing and spending crypto from scammers or attackers. In July, a crypto hacker tried to steal US$5.5 million (AU$8.2 million) from a crypto project’s liquidity pool but in the end was ‘frontrun’ by a trading bot. The bot figured out that the hacker wanted to execute their transaction, and managed to beat the hacker to it.
Money stolen from crypto scams is down dramatically this year, too. A report by Chainalysis showed that crypto scammers stole US$3.3 billion (AU$4.9 billion) less as of June 2023 compared to June 2022.
Maybe it’s a skill issue. Maybe it’s the market. But regardless: better luck next time, scammers.