A crypto investor has lost $2.6 million in stablecoins after falling victim to two back-to-back phishing scams within a span of three hours. The sophisticated scam involved a method known as zero-value transfer phishing, raising fresh concerns over evolving onchain fraud tactics such as address poisoning.
Two Costly Mistakes in Just Three Hours
The victim first transferred $843,000 worth of USDt (Tether) to a scam address, followed by another $1.75 million roughly three hours later. The total loss amounts to $2.6 million. The details were revealed on 26 May by blockchain security and compliance firm Cyvers, which has been tracking such scam tactics closely.
The incident highlights the growing threat of advanced phishing attacks that exploit user trust in transaction histories and partial address familiarity.
How Zero-Value Transfers Work
Zero-value transfer phishing is a deceptive method that manipulates onchain data to trick users. In this scheme, attackers call the token contract’s transferFrom function to initiate a transfer of zero tokens from the victim’s wallet to a lookalike address. Because the transaction involves no actual transfer of funds, it does not require the victim’s private key signature.
However, this seemingly harmless transaction appears in the victim’s transaction history, giving a false impression that the spoofed address is legitimate or previously interacted with. As a result, victims may later send substantial funds to these scam addresses, thinking they are trusted recipients.
This scam represents a significant advancement over traditional phishing methods, particularly due to its subtlety and reliance on user habits such as copying wallet addresses from transaction logs.
A Modern Twist on Address Poisoning
Zero-value transfer phishing is considered an evolved form of address poisoning, a tactic where scammers send small amounts of crypto from addresses that closely resemble the victim’s real address. The similarity in characters, particularly at the start and end of the wallet address, often tricks users into copying the wrong address when initiating transactions.
This method exploits how crypto users typically verify wallet addresses. Many users only check the beginning and end of an address string or rely on copied data from their clipboard history. Scammers further improve their chances by generating custom wallet addresses that mimic trusted ones, adding zero-value transactions to increase legitimacy.
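The prefix-and-suffix habit described above can be checked mechanically. The following added example is not from the article or from any vendor's tool: it flags zero-value history entries whose counterparty imitates a verified recipient, and checks a destination before sending. The address book of verified recipients, the 4-character window and all addresses are assumptions constructed for illustration.

```python
# Added example (not from the article): flag lookalike entries in a wallet's token history.
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    sender: str     # "from" field of the token transfer
    recipient: str  # "to" field
    value: int      # amount in the token's base units

def _hex(addr: str) -> str:
    a = addr.lower()
    return a[2:] if a.startswith("0x") else a

def imitates(candidate: str, trusted: str, n: int = 4) -> bool:
    """True when candidate differs from trusted but shares its first and last n hex chars."""
    c, t = _hex(candidate), _hex(trusted)
    return c != t and c[:n] == t[:n] and c[-n:] == t[-n:]

def find_poisoning(history, wallet, address_book, max_value=0, n=4):
    """Return (transfer, imitated_address) for zero/dust transfers involving a lookalike."""
    hits = []
    for tx in history:
        if tx.value > max_value:
            continue
        # The counterparty is whichever side of the transfer is not our wallet.
        other = tx.recipient if _hex(tx.sender) == _hex(wallet) else tx.sender
        hits += [(tx, t) for t in address_book if imitates(other, t, n)]
    return hits

def check_destination(dest, address_book, n=4):
    """Before sending: return the verified address that dest imitates, or None."""
    return next((t for t in address_book if imitates(dest, t, n)), None)

# Constructed sample data (hypothetical addresses, not real accounts).
WALLET = "0x" + "a1" * 20
TRUSTED = "0x1234" + "ab" * 16 + "5678"
SPOOF = "0x1234" + "cd" * 16 + "5678"   # same first/last 4 chars as TRUSTED
OTHER = "0x" + "9f" * 20
HISTORY = [
    Transfer(WALLET, TRUSTED, 5_000_000),  # genuine payment
    Transfer(WALLET, SPOOF, 0),            # planted zero-value entry
    Transfer(OTHER, WALLET, 0),            # zero-value, but no resemblance
]

if __name__ == "__main__":
    for tx, real in find_poisoning(HISTORY, WALLET, [TRUSTED]):
        print(f"suspicious: {tx.recipient} imitates {real}")
```

Raising `max_value` above zero also covers the small-amount variant of address poisoning described in this section.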
Address Poisoning on the Rise
The scale of address poisoning attacks is growing. A recent study published in January 2025 revealed over 270 million address poisoning attempts occurred across BNB Chain and Ethereum between 1 July 2022 and 30 June 2024. While most were unsuccessful, at least 6,000 attacks succeeded, resulting in combined losses of more than $83 million.

In one notorious case in 2023, a scammer used the zero-transfer technique to steal $20 million worth of USDT before being blacklisted by Tether, the stablecoin’s issuer.
AI Tools Aim to Combat Onchain Phishing
To combat the rising threat of address poisoning and phishing scams, cybersecurity firms are investing in AI-driven solutions. Trugard and Webacy, a crypto security firm and an onchain trust protocol respectively, recently launched an artificial intelligence-based system to detect wallet poisoning activity.
According to the firms, their tool has achieved a detection accuracy of 97% in tests across known attack scenarios. Such tools could prove vital in safeguarding users against increasingly complex scam methods that exploit human error and interface design limitations on decentralised platforms.
As scammers continue to develop new ways to exploit blockchain transparency and user behaviour, crypto investors are urged to double-check wallet addresses, avoid relying solely on transaction histories, and consider using tools that verify address authenticity before sending funds.