Hackers steal $2.6M in double crypto phishing scam

Hackers stole $2.6M in a crypto scam using a double phishing scheme, exploiting zero-value transfers. Cyvers reported $843K and $1.7M USDT losses.

An attacker defrauded an investor of $2.6 million worth of stablecoins in only three hours after targeting them in a sophisticated double phishing scheme.

The attacker carried out the scam using a technique called the zero-value transfer.

This low-profile onchain tactic is becoming more common and increasingly advanced.

Blockchain security company Cyvers reported that the attacker initially tricked the victim into transferring $843,000 in Tether (USDT).

Within hours, the victim unknowingly made a second transfer of $1.7 million in USDT to the same fraudulent address involved in the first attack.

This one-two punch illustrates “address poisoning,” a deceptive tactic that plants misleading entries in a victim’s transaction history to gain false trust.

The scheme’s core lies in manipulating how cryptocurrency wallets display transaction records.

Attackers exploit the transferFrom feature of a token contract to send zero-value tokens from a deceptive or lookalike address to the victim’s wallet.

The blockchain registers the transaction in the victim’s history even though no funds move and no signature is required.

Later on, when the victim tries to transfer legitimate funds, they might confuse the spoofed address for a trusted one because it appears in their transaction history.

At this moment, the trap snaps shut: the attacker captures the actual funds while the victim suffers a significant loss. This tactic is gaining traction.
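
A defender-side check for the pattern described above, added here as an example and not taken from Cyvers or from any wallet's code: it scans a wallet's token transfer history for zero-value records whose counterparty matches an address the wallet has really paid in the first and last characters, in either direction. The record layout, the 6+4 character truncation and every address and transaction id are constructed assumptions.

```python
# Added example: sample records and addresses below are constructed.
WALLET = "0x" + "aa" * 20
TRUSTED = "0x1a2b" + "c" * 32 + "9f0e"      # address the owner really pays
LOOKALIKE = "0x1a2b" + "d" * 32 + "9f0e"    # same first and last characters
UNRELATED = "0x" + "3" * 40

# Assumed record layout: tx id, sender, recipient, raw token amount.
SAMPLE_TRANSFERS = [
    {"tx": "tx-1", "from": WALLET, "to": TRUSTED, "value": 500_000_000},
    {"tx": "tx-2", "from": LOOKALIKE, "to": WALLET, "value": 0},
    {"tx": "tx-3", "from": UNRELATED, "to": WALLET, "value": 0},
    {"tx": "tx-4", "from": WALLET, "to": TRUSTED, "value": 250_000_000},
]

def shortened(addr, head=6, tail=4):
    """Return the parts of an address a truncated UI display would show."""
    addr = addr.lower()
    return addr[:head], addr[-tail:]

def find_poisoning(wallet, transfers, head=6, tail=4):
    """Flag zero-value transfers whose counterparty imitates a paid address.

    `transfers` must be in chronological order.
    """
    wallet = wallet.lower()
    trusted = []      # counterparties of transfers that moved real value
    findings = []
    for t in transfers:
        sender, recipient = t["from"].lower(), t["to"].lower()
        if wallet not in (sender, recipient):
            continue
        other = recipient if sender == wallet else sender
        if t["value"] > 0:
            if other not in trusted:
                trusted.append(other)
            continue
        for known in trusted:
            if other != known and shortened(other, head, tail) == shortened(known, head, tail):
                findings.append({"tx": t["tx"], "lookalike": other, "imitates": known})
                break
    return findings

def is_poisoned_destination(dest, findings):
    """True if `dest` is an address flagged as a lookalike."""
    return dest.lower() in {f["lookalike"] for f in findings}

if __name__ == "__main__":
    for f in find_poisoning(WALLET, SAMPLE_TRANSFERS):
        print(f"{f['tx']}: {f['lookalike']} imitates {f['imitates']}")
```

A destination copied from history can be passed to `is_poisoned_destination` before a transfer is signed; comparing the full address rather than its shortened form is what separates the two entries.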

In 2021, a crypto investor named Brian lost $78,000 after an elaborate phishing scam tricked him with a counterfeit Ledger device.

Although he maintained strict security standards, scammers sent him a counterfeit “replacement” Ledger, claiming they issued it after a prior data breach.

However, the attacker had installed malware on the device, which deceived Brian into revealing his recovery phrase.

This scam, which relied on social engineering and hijacked customer details, reveals that cold wallets remain vulnerable without proper verification processes.
