In the constant tug-of-war of progress and security, the cryptocurrency sphere has recently witnessed an innovative thievery technique called ‘Zero Transfer’ phishing attack that scored the scammer a bountiful $20 million in USDT stablecoin. The subsequent blacklisting of the scammer by the stablecoin issuer Tether does indeed raise eyebrows at the promptness of their response, but not as much as the method of the scam itself does.
In a sense, the scam is a product of our collective neglect towards minute details. We frequently overlook the middle parts of a wallet address while checking only the first or last five digits, and that’s precisely what scammers bank on. This carelessness, coupled with the legacy of us already having sent tokens to an address once, lures us into sending a transaction for zero tokens to an attack-dressed-as-a-friend.
As an example, imagine a victim sending 100 coins to an address for an exchange deposit. The attacker sends 0 coins from the victim’s wallet to an address that seems pretty similar, but is actually controlled by the attacker. Viewing this in their transaction history, the victim may end up sending their coins directly to the scam address, assuming it’s the correct deposit address.
From the first recorded instance in December last year, Zero Transfer has gradually made its mark in the cryptocurrency habitat with a string of successful scams that has cost us over $40 million in losses so far.
Moreover, this innovation in thievery technique shows the dual-edged nature of technology. While we marvel at its wondrous advancements that have made creation and management of crypto-assets possible, any neglect in securing them can equally lead to devastating losses. All technological advancements need to come with a robust safety system to protect against the very tools that brought them into existence in the first place.
While the overall speed of action taken by Tether seems commendable, one cannot help but wonder if a more thorough scrutiny could have prevented this heist. If proper checks and measures had been taken in time, perhaps the misdirected $20 million could have stayed safe in the right wallet.
Lastly, this incident underscores that the beautiful idea of blockchain technology and cryptocurrency still has ways to go in instilling the trust and safety needed for broader acceptance. For every step forward on this path, it appears we also have to watch our rear-view mirror closely to avoid unforeseen theft.
Our collective expedition in the land of cryptocurrency thus continues, laden with the exciting thrill of richness and the nerve-wracking scare of scams alike.
Source: Cointelegraph