Avoiding the Zero Transfer Scam: Tips After $2M Was Stolen from a Crypto User
A fraudster has been apprehended after swindling $2 million from a cryptocurrency user using an age-old trick called the “zero transfer” scam. The scam works by imitating a user’s test transaction and providing a fake address, causing the user to mistakenly transfer funds to the hacker’s address instead of their intended destination.
Here’s how the zero transfer scam unfolds: first, the unsuspecting victim transfers funds to a cryptocurrency address. The hacker then replicates the original transaction by sending a zero transfer, which does not actually transfer any tokens, to the user’s cryptocurrency address. This zero mimic transfer appears in the user’s transaction log on their wallet provider or blockchain explorer, such as Etherscan.
The scam succeeds when the user, making a later transfer, copies the address from the fake transaction instead of the original address. Users often copy an address from a previous transaction for convenience and fall for the scam unknowingly, because the attacker uses an address with a prefix and suffix similar to those of the original.
In the recent case flagged by Peckshield, the victim initially sent a $10 test transaction to an address. They wanted to verify the receiving address before transferring a larger sum, following basic security practices. However, the fraudster intercepted the transaction and sent a zero transfer to the victim’s address. Falling for the trick, the victim transferred $2 million in USDC to the hacker’s wallet address, which closely resembled the original address.
The scammer swiftly converted their ill-gotten gains to ETH and spread the funds across three addresses. To cover their tracks, they used the privacy-focused protocol Tornado Cash, a common exit route.
To avoid falling victim to zero transfer scams, it is crucial to never copy addresses from blockchain explorers. Instead, copy addresses directly from the intended destination. Additionally, it is essential to carefully double-check addresses before initiating any transactions. Simply examining the address prefixes and suffixes may not be enough to detect a scam. It is advisable to thoroughly compare the entire address string from the destination wallet to identify any discrepancies and avoid falling prey to the zero mimic transfer scam.
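The check described above can be automated on the defender's side. The following is an added example, not code from the original article or from any wallet or explorer: it flags history entries whose address imitates a trusted one and approves a destination only on a full-string match. The addresses, the history records, the field names and the four-character prefix and suffix lengths are all constructed assumptions.

```python
# Added example: flag "zero transfer" (address poisoning) entries in a wallet history.
# Every address and transfer below is constructed sample data, not a real indicator.
PREFIX_LEN = 4  # assumption: leading hex characters a truncated wallet view shows
SUFFIX_LEN = 4  # assumption: trailing hex characters a truncated wallet view shows


def normalize(addr):
    """Lower-case and strip the 0x prefix so checksum casing does not matter."""
    addr = addr.lower()
    return addr[2:] if addr.startswith("0x") else addr


def looks_alike(candidate, trusted):
    """True when two different addresses share the visible prefix and suffix."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:PREFIX_LEN] == t[:PREFIX_LEN] and c[-SUFFIX_LEN:] == t[-SUFFIX_LEN:]


def first_difference(candidate, trusted):
    """Index of the first differing hex character, or -1 if identical."""
    c, t = normalize(candidate), normalize(trusted)
    for i, (a, b) in enumerate(zip(c, t)):
        if a != b:
            return i
    return -1 if len(c) == len(t) else min(len(c), len(t))


def flag_poisoned(history, trusted_addresses):
    """Return history entries whose counterparty imitates a trusted address."""
    flagged = []
    for tx in history:
        for trusted in trusted_addresses:
            if looks_alike(tx["counterparty"], trusted):
                flagged.append({**tx, "imitates": trusted,
                                "zero_value": tx["value"] == 0,
                                "first_diff": first_difference(tx["counterparty"], trusted)})
    return flagged


def safe_to_send(destination, trusted_addresses):
    """Approve only on a full-string match against the user's own address book."""
    return normalize(destination) in {normalize(a) for a in trusted_addresses}


TRUSTED = ["0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b9f3e"]  # constructed
HISTORY = [  # constructed: the user's test transfer, then the imitating zero transfer
    {"counterparty": "0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b9f3e", "value": 10},
    {"counterparty": "0x1a2b77aa00bb11cc22dd33ee44ff5566778f9f3e", "value": 0},
]
```

The second history entry matches the trusted address in its first four and last four characters and differs from the fifth onward, which is why a truncated view or a glance at the two ends does not catch it.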