Zero Transfer Phishing Scam and How To Stay Safe

Zero Transfer Phishing Scam and How To Stay Safe

Zero Transfer Phishing Scam and How To Stay Safe

Zero Transfer Phishing Scam and How To Stay Safe

Zero Transfer Phishing Scam and How To Stay Safe

Read Time: 6 minutes

Over $40M in losses– that’s the eye-popping sum lost to a relatively new, craftily designed zero transfer phishing scam.

Now, you might be familiar with phishing scams, the age-old trickery that preys on unsuspecting victims, but this new player takes it up a notch. This scam comes as an intricate twist in the ongoing saga of cybercrimes in web3. 

Curious about what this scam is all about and how it works? Well, you’re in the right place. We’re about to break it down for you and show you how to keep your digital assets safe from this crafty scam. Let’s dive in!

Key Insights on Zero-Value Token Transfer

Ethereum addresses are represented as 40-character hexadecimal strings. And guess what? Most people tend to fixate on the first and last few characters, leaving the middle part as an afterthought. 

For example, addresses are long strings of seemingly random characters which may look like this: 0x3c11F6265Ddec22f4d049Dde480615735f451646

Now, here’s where the plot thickens. Scammers take advantage of this human tendency by creating what’s known as a vanity address.

A vanity address is a crypto address customized with specific characters or patterns, making it easier to remember and, in some cases, even visually appealing.

These vanity addresses are commonly used by legitimate users and serve various legitimate purposes. For instance, when crafting a vanity address, users can choose specific patterns they’d like their new address to include. They often generate these addresses multiple times until they get one they’re satisfied with.

Now, back to the scammers. They’re after one thing: creating a vanity address that tricks their potential victims. Let’s say you recently sent tokens to the address 0x3c11F6265Ddec22f4d049Dde480615735f451646. 

The attacker might cook up an address starting and ending with the same characters – 0x3c11 and 5f4516 – with a mix of characters in the middle.

These addresses might seem strikingly similar to the unsuspecting eye, especially when many wallet apps and block explorers only display the first and last few characters.

So, by this, scammers trick the victim into accidentally sending tokens to this spoofed address belonging to the attacker instead of the legitimate address. Now let’s get into its working.

A simple breakdown of the Zero transfer scam

The zero-value token transfer scam unfolds following the pattern below.

Step 1: Watch out for the victim

The attacker keeps a close watch on on-chain token movements, waiting for the right target to strike.

Step 2: Sifting Through Transactions

The attacker delves into the victim’s ERC20 token transactions, focusing on one critical aspect: the recipient address used in previous transactions. This address is the key to launching their attack.

Step 3: Copy Paste

With the recipient’s address in hand, the attacker creates a fake address that looks similar to the one the victim has used before but with a few minor changes.

Step 4: Deceptive Transaction

The next step involves the attacker initiating a transaction that entails sending 0 USDC tokens from the victim’s address as the source to the newly created vanity address as the destination. 

Step 5: Falling into the Trap

The final act is accomplished as the victim reviews their transaction history. They come across the fake recipient address, which looks just like one they’ve used before. Thinking it’s the right address, they select it and send their cryptocurrency.

Little do they know, the cryptocurrency they intended to send to a trusted recipient ends up in the scammer’s hands. 

Source: Coinbase

Getting Inside The Heads of Scammers

Zero-value token Transfer scams exploit our natural tendency to trust and move quickly in the world of cryptocurrencies. Let’s decipher the psychology behind how scammers trick users into such scams.

  • The Need for Speed: Many cryptocurrency users tend to skim through addresses swiftly, assuming their blockchain or wallet app will validate them. 
  • Trusting the Past Log: Victims often rely on their transaction history to confirm addresses without verifying them diligently.
  • Zero-Value Deception: Scammers initiate transactions with zero-value tokens, bypassing the need for the victim’s approval. The transaction still gets recorded on the blockchain without the victim’s consent, making it seem like a legitimate interaction.

Stay tuned as we explore the defensive strategies and how to equip ourselves better to spot and avoid these deceptive tactics.

The real-world attack scenario

A daring heist shook the crypto world where a scammer executed a zero transfer phishing attack, making off with a staggering $20M worth of Tether (USDT) on August 1, 2023.

The clever play

The victim had initially planned to send the funds to address 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570

However, the scammer intercepted the transaction, redirecting it to a nearly identical phishing address: 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570.

The scam unfolded when the victim’s wallet received $10M from a Binance account. Shortly after, the victim sent it to another address. Seizing the opportunity, the scammer engineered a counterfeit Zero USDT token transfer from the victim’s account to the fraudulent address. A few hours later, the victim unwittingly sent a whopping 20M USDT to the scammer, believing it was destined for the original recipient.

Swiftly, Tether, the stablecoin’s issuer, sprung to action by freezing the wallet. The incident baffled many due to its remarkable speed.

Precautionary Tales

What You Must Do As A User?

1. Exercise Caution with addresses involved in zero-value token transfers. They are typically muted and marked with a grey warning icon on Etherscan.

2. While using wallet apps, always double-check that the displayed addresses precisely match the one you intend to transact with. 

3. When performing transactions, examine the addresses both above and below the one you are interacting with, as scam addresses might impersonate the victim’s address before or after it in the transaction history.

4. Ensure the entire address is accurate, as attackers may have generated vanity addresses that closely resemble legitimate ones.

5. Using secure explorers and wallets will have features to flag or filter malicious transactions and addresses, providing an additional layer of security in identifying potentially harmful activities.

What Can The Wallets And Exchanges Do To Prevent?

  • Implement mechanisms to flag or filter transfer events with a value of 0. Additionally, consider the potential for exploitation in non-ERC-20 transfer events, such as NFT transactions and staking activities.
  • Utilize address mask collision detection to identify addresses that exhibit similarities, suggesting they were not generated randomly. This might involve analyzing the first and last characters of addresses to spot patterns indicative of malicious intent.
  • When shortening addresses for user convenience, include more characters on each side (e.g., 0x987654…123456) to hinder the mass generation of vanity addresses, which scammers often exploit.
  • Send user alerts when they initiate transfers to new or unknown addresses. This warning can help users exercise caution and verify the destination address.

Final words

As you navigate the exciting but potentially risky waters of Web3, remember that vigilance and informed decision-making are your potent weapons against scams. 

QuillAudits, a trusted name in the Web3 realm, stand with you in securing your web3 journey. 

With our top-tier web3 security services, cutting-edge tools, and real-time scam updates by your side, sailing across Web3 is not just Secure but Unstoppable.


Blockchain for dog nose wrinkles' Ponzi makes off ~$127M🐶

Project promised up to 150% returns on investment in 100 days, raising about 166.4 billion South Korean won — or about $127 million — from 22,000 people.

Latest blogs for this week

Understanding Fuzzing and Fuzz Testing: A Vital Tool in Web3 Security

Read Time: 5 minutes When it comes to smart contracts, ensuring the robustness and security of code is paramount. Many techniques are employed to safeguard these contracts against vulnerabilities
Read More

How EigenLayer’s Restaking Enhances Security and Rewards in DeFi

Read Time: 7 minutes Decentralized finance (DeFi) relies on Ethereum staking to secure the blockchain and maintain consensus. Restaking allows liquid staking tokens to be staked with validators in
Read More

ERC 404 Standard: Everything You Need to Know

Read Time: 7 minutes Introduction Ethereum has significantly shaped the crypto world with its introduction of smart contracts and decentralized applications (DApps). This has led to innovative developments in
Read More

DNS Attacks:  Cascading Effects and Mitigation Strategies

Read Time: 8 minutes Introduction DNS security is vital for a safe online space. DNS translates domain names to IP addresses, crucial for internet functionality. DNS ensures unique name-value
Read More

EIP-4844 Explained: The Key to Ethereum’s Scalability with Protodanksharding

Read Time: 7 minutes Introduction  Ethereum, the driving force behind dApps, has struggled with scalability. High fees and slow processing have limited its potential. They have kept it from
Read More

QuillAudits Powers Supermoon at ETH Denver!

Read Time: 4 minutes Calling all the brightest minds and leaders in the crypto world! Are you ready to build, connect, and innovate at the hottest event during ETH
Read More

Decoding the Role of Artificial Intelligence in Metaverse and Web3

Read Time: 7 minutes Introduction  Experts predict a transformative shift in global software, driven by AI and ML, marking the dawn of a new era. PwC predicts AI will
Read More

Transforming Assets: Unlocking Real-World Asset Tokenization

Read Time: 7 minutes In the blockchain, real-world assets (RWAs) are digital tokens that stand for tangible and conventional financial assets, including money, raw materials, stocks, and bonds. As
Read More
Scroll to Top

Become a Quiffiliate!
Join our mission to safeguard web3

Sounds Interesting, Right? All you have to do is:


Refer QuillAudits to Web3 projects for audits.


Earn rewards as we conclude the audits.


Thereby help us Secure web3 ecosystem.

Total Rewards Shared Out: $200K+