On May 26, 2025, a crypto investor was tricked out of $2.6 million in USDT due to a sophisticated on-chain phishing scheme. The loss was confirmed by blockchain compliance firm
Please Register !
Please Register !
What Happened?
Please Register !
The scam started when the user mistakenly sent 843,000 USDT to the wrong wallet address. Just three hours later, the same user transferred another 1.75 million USDT to that very same address—bringing the total loss to $2.6 million.
But how could someone make such a devastating mistake twice? The answer lies in a sneaky trick known as the zero-value transfer scam.
Please Register !
What Is a Zero-Value Transfer Scam?
Please Register !
A zero-value transfer scam is a type of crypto address poisoning that doesn’t require access to your private keys or seed phrases. Instead, it exploits human error and confusion around wallet addresses.
Please Register !
Scammers know this, so they:
-
Monitor blockchain transactions to identify addresses a user interacts with.
-
Create lookalike wallet addresses that mimic the beginning and end of a legitimate one.
-
Send zero-value transactions to the user’s wallet using these fake addresses.
The trick? These bogus addresses then appear in the user’s transaction history. When the user goes back to send crypto again, they might accidentally copy the scammer’s fake address instead of the correct one.
Please Register !
Other Forms of Address Poisoning
Please Register !
Address poisoning isn’t limited to zero-value transfers. Here are several other sneaky tactics used by scammers:
Please Register !
Impersonation
Please Register !
Scammers mimic trusted figures or protocols, such as influencers or verified DeFi projects, to trick users into trusting their lookalike addresses.
Please Register !
QR Code Attacks
Please Register !
Fake wallet addresses are hidden in QR codes shared on social media or even posted in physical places. Scanning the wrong one can lead to irreversible losses.
Please Register !
Clipboard Malware
Please Register !
Some malware can hijack your clipboard and replace a copied wallet address with a scammer’s. This type of attack is especially dangerous because it’s nearly invisible to users.
Please Register !
Smart Contract Exploits
Please Register !
Poorly designed or unaudited smart contracts can be manipulated to redirect funds. Attackers exploit bugs like reentrancy or input validation errors to substitute legitimate addresses with their own.
Please Register !
How Much Has Been Lost to Address Poisoning?
Please Register !
The numbers are staggering:
-
February 2025: $1.8 million lost
-
March 2025: $1.2 million lost
-
May 2025: $2.6 million in a single incident
Please Register !
Please Register !
Please Register !
How to Stay Safe: Tips to Avoid Crypto Scams
Please Register !
Protecting your funds from these kinds of attacks requires vigilance and smart habits. Here are best practices every crypto user should follow:
Please Register !
Always review the entire address—not just the first and last few characters—before sending.
Please Register !
Generate a new wallet for each transaction to limit traceability.
Please Register !
Don’t post your wallet addresses publicly. This lowers the chance of being targeted.
Please Register !
Small, unexpected deposits may be a red flag for an ongoing scam attempt.
Please Register !
Choose wallets with scam-detection tools like phishing protection and address alerts.
Please Register !
Please Register !
Don’t scan wallet QR codes from strangers or untrusted sources. Manually verify whenever possible.
Please Register !
Browser extensions like Wallet Guard or Scam Sniffer help block malicious sites and scripts.
Please Register !
Use services like ENS (Ethereum Name System) to register a human-readable address. This eliminates the need to deal with confusing alphanumeric addresses altogether.
Please Register !
If you’re interacting with dApps or smart contracts, make sure they’ve been audited and tested.
Please Register !
Final Thoughts
Please Register !
Address poisoning scams are a fast-growing threat in Web3. With nearly $90 million in confirmed losses across major blockchains in recent years, it’s more important than ever to stay cautious, stay educated, and stay secure. Don’t let a small oversight cost you everything.
