Crypto Phishing Scam Almost Nets $129 Million in USDT, Funds Mysteriously Returned

A recent phishing scam on the TRON blockchain nearly resulted in a $129 million loss in USDT, highlighting the growing threat of sophisticated crypto fraud.

Blockchain security firm Scam Sniffer detailed the incident on November 20, revealing how a subtle wallet address discrepancy led to the massive transfer. A crypto whale mistakenly sent $129 million in USDT to a fake address resembling the intended recipient’s. Despite an initial test transaction of 100 USDT, the victim failed to notice the minor differences between the fraudulent address, “THc…bu8,” and the legitimate one, “TMS…bu8.”

In a surprising twist, the scammer returned 90% of the stolen funds—$116.7 million—within an hour and transferred the remaining $12.96 million four hours later. The victim then redirected the funds to their original destination, where they have since remained secure.

The Rise of Address-Poisoning Attacks

Scam Sniffer identified this as an address-poisoning attack, a phishing strategy growing in popularity. These scams involve fraudsters crafting wallet addresses nearly identical to legitimate ones, differing by just a few characters. Victims often unknowingly copy the fraudulent address from their transaction history, leading to significant financial losses.

This tactic, alongside other phishing schemes like wallet drainers, has caused over $800 million in crypto losses in 2023, according to blockchain security firm CertiK.

Yu Xian, founder of web3 security firm Slowmist, advised crypto users to remain vigilant by double-checking wallet addresses and clearing clipboard data after transactions. He warned that no connected device is entirely secure, emphasizing the importance of safeguarding digital assets.

This case serves as a stark reminder of the sophistication of modern crypto scams and underscores the critical need for heightened caution when handling blockchain transactions.