A crypto investor has lost $2.6 million worth of stablecoins in double zero-value transfer scams.
A victim was allegedly defrauded twice in just three hours, losing a total of $2.6 million in stablecoins to phishing scams. The first incident involved transferring $843,000 worth of USDT, and about three hours later, the victim was tricked into sending another $1.75 million USDT.
According to Cyvers, the victim was targeted by a zero-value transfer scam, a phishing technique that exploits token transfer functions to deceive users into sending real funds to attackers.
🚨ALERT🚨Our system has detected~2.6M $USDT loss from a targeted address poisoning scam involving zero-value transfers. A single victim was repeatedly scammed by the same attacker address.
First, the victim lost 843K $USDT.
⏳ About 3 hours later, the same victim sent 1.75M… pic.twitter.com/WWVlrZvavK— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) May 26, 2025
In this scam, the attacker transfers zero tokens from the victim’s wallet to a fraudulent address. Since no actual funds are moved, the attacker does not need access to the victim’s private key.
When the victim later checks their transaction history and sees the outgoing transfer, they might mistakenly trust the fake address, thinking it’s one they’ve dealt with before. Because of this, they could unknowingly send funds to the attacker’s address later on.
Phishing Scams
Phishing scams are commonly used by attackers to steal cryptocurrency from users. In March 2025, Coinbase users lost over $46 million to such scams. The exchange recently announced plans to compensate victims whose personal information was leaked.
In the third quarter of 2024, crypto phishing scams cost enthusiasts around $127 million, affecting about 11,000 victims by September. One victim reportedly lost $32 million after signing a permit signature.
Attackers employ various phishing techniques to steal cryptocurrency, often tricking victims into clicking on seemingly legitimate links shared on social media. In reality, these links lead to scams designed to compromise their funds.
One such technique is similar to address poisoning, where attackers send small amounts of tokens from an address that closely resembles the victim’s own wallet address.
The goal is to deceive the victim into believing this is a trusted address they’ve interacted with before, causing them to mistakenly send funds to the attacker’s address in future transactions, resulting in significant financial loss.
next