Crypto Investor Loses $2.6M to Phishing Scams In Hours

A crypto investor had suffered a significant hit after falling victim to two phishing scams in a day. This unfortunate event resulted in a loss of $2.6 million worth of USDT. These incidents highlight the growing danger of phishing scams in the crypto industry. Bad actors use malicious tricks to deceive users without needing direct access to private keys.

Scammer Used Zero-Value Transfer To Trick Victim 

As revealed earlier today, the victim lost $2.6 million in stablecoins after falling victim to two phishing scams in less than three hours. The first transaction involved $843,000 worth of USDT. Just a few hours later, a second transaction transferred another $1.75 million to a fake address.

In a recent X post, Blockchain security firm Cyvers reported that the attacker used a phishing method, the zero-value transfer scam. This technique involves transferring zero tokens from the victim’s wallet to a fraudulent address. 

Since no real funds are moved, the transaction appears harmless but leaves a trace in the wallet’s history. When reviewing the wallet’s activity, the victim may later see this transaction and assume the fake address is legitimate. 

Trusting this address can lead to future transfers of actual funds to the attacker, as seen in the total losses recorded. 

Phishing Attacks Are Becoming More Common

Phishing scams have become one of the biggest threats to crypto users. In the third quarter of 2024, phishing scams caused even more significant losses. Reports say about $127 million was stolen in September, affecting over 11,000 users. 

One person lost $32 million by signing a fake “permit” message, which gave the scammer complete control of the wallet. In March 2025, more than $46 million was stolen from Coinbase users through similar phishing attacks. 

Coinbase has said it will pay back users whose private information was shared during the attack.

Other Malicious Techniques To Watch Out For

Another scam used by attackers is known as address poisoning. This technique involves sending a small amount of tokens from a wallet address closely resembling the victim’s address. The goal is to plant this lookalike address in the transaction history.

Later, the victim may copy a similar address, mistaking it for a trusted one during future transfers. This leads to funds being sent directly to the attacker. Scammers rely heavily on social media platforms like Telegram, X, and Discord.

Bad actors often post fake links that look trustworthy to trick users. These links can lead to actions that compromise wallets or expose sensitive information. Users are urged to be very careful and double-check wallet addresses before making transfers.