How does zero value transfer work?


Investors lose millions of dollars in USDT phishing scam

On May 26, 2025, cryptocurrency investors became victims of a series of OnChain phishing attacks. Crypto compliance company Cyvers announces victim Total loss of $2.6 million worth of cryptocurrency.

Everything starts when the user sends 843,000 tether USDTUSDT) Addresses other than the intended recipient. Just three hours later, the user sent $1.75 million to the same address. Results: All of this is lost in a few hours.

Cyers announces loss of $2.6 million

But how do users make this mistake? According to Cyer, users become targets of zero-value transfer scams.

How does a zero-value transfer scam work?

Zero value transfer is a deceptive scam method that takes advantage of user confusion and can be done without Private key Need to access.

Encrypted wallet The address consists of alphanumeric characters. Although the number of roles per blockchain is different, it will never be less than 26. In the case of USDT, it ranges from 34 to 42.

Handling lengthy, random characters is a confusing and risky task that can lead to serious losses when misunderstood because crypto transactions cannot be reversed due to the immutability of blockchain. Therefore, users usually resort to copying the wallet address when sending cryptocurrencies.

In a zero-value transfer scam, malicious actors abuse this practice. They search for the target wallet and determine the address they interact with. Then the scammer creates a Vanity address Share the same initial and last character as the interactive address and sends a transaction that does not contain any value.

The idea is to place the forged address in the transaction history of the target wallet. Users who wish to send cryptocurrency to familiar addresses may scroll through past transactions and accidentally copy the fake address of the scam. As a result, users unknowingly send transactions to scammers and cannot recover the lost cryptocurrency.

Zero transfer attack flow

Zero token transfer utilization is just A strategy for address poisoningUmbrella term for scams that rely on fraud and do not require attackers to control the scams Seed phrase or private key.

did you know? The current cryptocurrency address is similar to the predomain name system (DNS) era of the Internet. Before DNS, users must type a numerical IP address to access the website. There are some available blockchain solutions similar to DNS and make the wallet readable in humans, such as the Ethereum Name System (ENS).

Other encryption strategies to solve poisoning

Imitating legitimate addresses is a widely used method to resolve poisoning, or credibility can be achieved by sending the minimum cryptocurrency to the target address.

Scammers also use complex strategies of phishing crypto wallets and blend it with crypto hacking methods, such as:

  • imitate: This method is similar to zero-value transfer. The difference is that the attacker imitates high-trust entities such as public figures or protocols rather than randomly selected addresses. They create a vanity address similar to such entity addresses and place fake addresses in the victim’s wallet transaction history to fool users, they only have glimpses of the beginning and end of the address. Social Engineering Strategysuch as imitation on social media, may also be accompanied by this approach.
  • QR code: This strategy takes advantage of the convenience of scanning wallet addresses by creating fake codes. Scammers distribute these fake QR codes through social media or paste them in physical locations to deceive careless users. QR codes can also lead to the appearance of legal addresses, making detection more difficult.
  • Intercept via malware: This address poisoning involves malware hacking. Once an attacker manages to install malware on the victim’s device, they can hijack the clipboard and replace the copied wallet address with their own wallet address. The victim unconsciously pasted the attacker’s address and sent the cryptocurrency to it, rather than the intended recipient.
  • Smart contract utilization: Poor coding and unaudited smart contracts easily resolve poisoning. Attackers can exploit Errors and defects in the contractsuch as incorrect input verification and re-entry to trick contracts into using fake addresses or changing key variables in the interim. As a result, contract users can send cryptocurrencies to attackers instead of legitimate addresses.

The cost of encryption to solve poisoning attacks

So far, addressing the poisoning in 2025 has cost investors millions of dollars. February caused $1.8 million in losses, and Losed $1.2 million in March Due to this encryption scam method. In May, an incident exceeded the above two months and lost $2.6 million.

These attacks have caused serious losses on major blockchains such as Ethereum and BNB chains. Between 2022 and 2024, there are about 17 million addresses Poisoning On Ethereum, zero transfer attacks account for 7.2 million of that figure. Of these, 1,738 attempts became successful and resulted in users losing nearly $80 million.

During the same period, the BNB chain was hit by nearly 230 million address poisoning attempts. The blockchain users lost $4.5 million in total due to 4,895 successful attacks.

Numbers indicate that address poisoning is a serious threat that cannot be ignored. But how do users stop being victims of this scam strategy?

How to safely prevent encryption and resolve poisoning attacks

Address poisoning is a sneaky Web3 security threat that is difficult to detect, but users can take some precautions to stay safe.

Of course, the most obvious safety measure is to develop the habit of double inspection. Be sure to check the recipient’s wallet address all before signing the transaction.

In addition, users can take precautions, such as:

  • Use the new address: Create a new address for each transaction. This reduces the likelihood of becoming a victim of attackers who check transaction history to perform cryptocurrency phishing.
  • Keep your wallet’s private address: Avoid sharing your wallet address publicly. Such addresses are easier targets for malicious actors.
  • Ignore small transactions: Be cautious about small encryption transfers. There is a good chance they are trying to resolve the poisoning.
  • Use a secure encrypted wallet: Use a well-known wallet with phishing protection. Some wallets will tag suspicious addresses or remind you when pasting known scam addresses.
  • The following updates: Monitor blockchain scam alerts. Platforms that focus on Web3 security, such as Cyers, Peckshield and Certik, as well as well-known data such as Zachxbt, provide timely reminders about scams, hackers and suspicious activity, which can help users avoid interacting with Spoof addresses.
  • Verification address: When scanning the QR code, manually verify the wallet address. Avoiding scanning them from untrusted sources is also an effective measure.
  • Use antivirus software: Install anti-malware and browser extensions. Tools like Wallet Guard or Scam Sniffer can block known malicious text and fake websites.
  • Consider the name system: Use blockchain naming system solutions wherever possible. Transactions through readable addresses are a safer option and can greatly reduce the possibility of solving poisoning.
  • Using a secure smart contract: Use audited and thoroughly tested smart contracts to prevent being victimized by vulnerabilities.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending now

Love Miley Cyrus’ $ 10,800 chanel bag? Remove search for $ 24
Boxing results: Eric Priest defeated “Herke” Taylor Howard
M23 rebels killing the governor Peter Chirimwami
Hamas releases list of next batch of Israeli hostages to be released