Crypto phishing scam nets $129 million in USDT then funds mysteriously return

20 hours ago 2



Crypto phishing scam nets $129 million in USDT then funds mysteriously return Crypto phishing scam nets $129 million in USDT then funds mysteriously return Oluwapelumi Adejumo · 13 mins ago · 2 min read

Blockchain firm Scam Sniffer sheds light on how subtle address differences can lead to massive crypto losses amid a recent phishing attempt.

2 min read

Updated: Nov. 20, 2024 at 12:40 pm UTC

Crypto phishing scam nets $129 million in USDT then funds mysteriously return

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

A crypto whale narrowly avoided a $129 million USDT loss after falling victim to a phishing scam on the TRON blockchain.

Blockchain security firm Scam Sniffer reported the incident on Nov. 20, detailing how the stolen funds were unexpectedly returned within hours.

What happened?

According to the firm, the scammer used a fake wallet address, “THc…bu8,” crafted to closely resemble the intended recipient’s “TMS…bu8.” The fraudulent address mimicked the original by matching its starting and ending characters.

Despite testing the waters with a test 100 USDT transaction, the victim could not spot the subtle differences and eventually transferred $129 million to the wrong address.

Surprisingly, the fraudster returned 90% of the stolen funds—116.7 million USDT— within an hour of the incident and eventually returned the remaining balance of 12.96 million USDT after four hours.

Following the fund return, the victim promptly redirected the funds to their original destination, “TMS…bu8,” where they have since remained.

Rising threat of address poisoning attacks

Scam Sniffer identified this incident as a classic example of an address-poisoning attack, a phishing tactic gaining widespread traction in the industry.

This scam involves creating wallet addresses nearly identical to those used by victims, differing by just one or two characters. Fraudsters then send small token amounts to victims, embedding the fake address in their transaction history to exploit copy-and-paste errors during future transfers.

CertiK, another blockchain security firm, noted that this phishing tactic, along with wallet drainers, has led to the loss of more than $800 million worth of crypto assets this year.

Due to this, Yu Xian, founder of web3 firm Slowmist, cautioned crypto users about the risks of copying sensitive information. He advised clearing clipboard data after use to avoid falling prey to such scams. Xian emphasized that no connected device is entirely secure, reinforcing the need for vigilance in safeguarding digital assets.

Observers stated that this case further emphasizes the evolving sophistication of crypto phishing scams and highlights the importance of double-checking wallet addresses before making transfers.

Mentioned in this article
Read Entire Article