Hacker steals $20 mln USDT through zero-value transfer scam

A zero-value transfer scam worth $20M USDT got detected, with Tether blacklisting the offending address within an hour of the attack.



  • The victim received 10 million USDT from Binance a few days earlier.
  • Prominent on-chain investigator, ZachXBT, noted how quickly Tether responded to this attack.

PeckShieldAlert, a blockchain security service, reported on 1 August that a scammer stole 20 million USDT from 0x407e using a zero-transfer attack. 

Tether proactively froze the stolen crypto assets by blacklisting the USDT scammer’s addresses within an hour.

The victim received 10 million USDT from Binance [BNB] a few days earlier and had transferred the coins to the intended alternate address.

However, during that transfer, the fraudster sent a zero-value token from the victim’s address to their phishing address. A few hours later, the victim transferred the fraudster 20 million USDT, believing they were sending it to their preferred address.

How a zero-value transfer scam works

A zero-value transfer scam has a peculiar modus operandi. First, the scammer fools the customers into making a transaction worth $0 to a phishing address that reads similar to one where the victim routinely transfers funds.

Most users only look at the first and last few digits of a wallet address, ignoring the entire address. This is how scammers outwit users by using a phishing address that appears to be the original address at first sight.

Because the transfers have no monetary value, they do not require the victim’s private key to perform. Though this transfer itself cannot steal funds, it can deceive victims into sending real funds to the wrong address in the future. This could happen if the user frequently depends on their transaction history to verify addresses to which they make transactions.

In the above-mentioned scam, the swindler duped the victim into sending $0 USDT to a phishing address. When the user attempted to complete a legitimate transaction, they mistook the phishing URL for the original.

Prominent on-chain investigator, ZachXBT, noted on Twitter how quickly Tether responded to this attack.

Click to comment
Exit mobile version