A crypto user has suffered two devastating phishing attacks in under three hours, losing a combined $2.5 million in stablecoins, according to data released on May 26 by blockchain compliance firm Cyvers.
The victim was first tricked into sending $843,000 in Tether (USDT), followed by a second, much larger transfer of $2.6 million shortly after. Both incidents reportedly stem from a sophisticated onchain phishing technique, a zero-value transfer scam.
According to SlowMist, this method exploits the transferFrom function of blockchain tokens, allowing attackers to initiate a zero-amount transaction from the victim’s wallet to a malicious address. Because no funds are moved, the blockchain doesn’t require a signature from the victim’s private key, yet the transaction still appears in their history. When unsuspecting users later recognize the spoofed address as familiar, they may mistakenly trust it and send real assets, exactly what happened in this case.
Zero-value transfer scams are considered an evolution of address poisoning, a tactic where scammers send tiny amounts of crypto from lookalike addresses. These fake addresses often mimic the beginning and ending characters of the user’s legitimate wallet, banking on the victim and copying the wrong one in future transactions.
The threat is far from isolated. In 2023, a single zero-transfer phishing campaign resulted in the theft of $20 million in USDT before the stablecoin issuer blacklisted the address. Between mid-2022 and mid-2024, a staggering 270 million poisoning attempts were logged on Ethereum and BNB Chain, with 6,000 succeeding, causing over $83 million in losses, according to a January 2025 study.
In response to the growing risk, crypto security firms are taking action. Cybersecurity company Trugard and on-chain protocol Webacy recently announced the development of an AI-powered detection system to flag suspicious wallet addresses.
In a blog post on April 7, Jameson Lopp, chief security officer at Bitcoin custody platform Casa, urged Bitcoin holders to double-check wallet addresses before transferring funds following a new wave of address poisoning attacks that have quietly siphoned millions in user funds.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
