QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$2 598 000 USD
MAY 2025
GLOBAL
ETHEREUM
DESCRIPTION OF EVENTS
The victim exists at Ethereum address 0x86C0300Fc369E54d22512564Cc0e8CC261102604.
Unfortunately, it is easy to get fooled by incorrect addresses. Creating addresses which appear similar to legitimate addresses is not that challenging. It is important to always verify all addresses.
The attack took place through address pollution phishing. Address pollution phishing is a type of cyberattack where scammers flood blockchain addresses with tiny, unsolicited transactions to obscure legitimate activity or manipulate data analysis. This tactic can be used to confuse users, overload transaction histories, or mask fraudulent behavior by making it harder to trace real transactions. Often seen in Web3 environments, address pollution phishing can also serve as a distraction while more serious phishing or scamming attempts occur elsewhere.
In this case, the victim intended to send their funds to the wallet address 0x4668d1fe87444a4d7508e83c89bfdaf1117e6b76. However, an attacker was successfully able to create a new wallet address 0x4668EE748c88DA4FEc595773b22f96f366eD6B76, and interact with their Ethereum wallet. The victim accidentally confused the wallet addresses and sent their funds to the attacker's wallet.
TenArmor has estimated the amount of the loss at $843,166.84 USD. The blockchain shows that 843,166.835945 USDT were sent to the perpetrator address. However, a second transfer of 1,754,893.457191 USDT is also found to the same perpetrator.
The attack was reported on by TenArmor a few hours later. It is unclear how the victim reacted.
It does not appear likely that any funds will be recovered.
There is no evidence that any funds have been able to be recovered.
There is limited information about any investigation or recovery that may be underway.
An Ethereum address fell victim to an address pollution phishing attack. The attacker created a similar-looking wallet address to impersonate the intended recipient’s address. Due to the visual similarity, the victim mistakenly sent funds to the attacker’s wallet instead of the legitimate one. As a result, at least $843,166.84 USD in USDT was lost, with another transfer of over $1.75 million also recorded to the attacker’s address. The incident was reported by TenArmor, and there is no indication that any of the stolen funds have been recovered.
TenArmor - "Our system has detected a suspicious Address Pollution Phishing attack on #ETH, causing an estimated loss of $843,166.84." - Twitter/X (Jul 31)
The Perpetrator's Ethereum Address - Etherscan (Jul 31)
The First Phishing Transaction - Etherscan (Jul 31)
PeckShield - "#PeckShieldAlert A #ZeroTransfer scammer grabbed ~1.7M $USDT from 0x86C0...2604." - Twitter/X (Jul 31)
The Second Phishing Transaction - Etherscan (Jul 31)
AegisWeb3 - "Scammed Twice in 5 Hours: Victim Loses $2.6M USDT in ZeroTransfer Attack. In a shocking repeat incident, a victim fell prey twice to the same #ZeroTransfer scam within just 5 hours — losing a total of $2.6M USDT." - Twitter/X (Jul 31)
ScamRetrieval - "victim:...wrong address:...correct address:" - Twitter/X (Jul 31)
Web3Watchdog - "PeckShieldAlert: #PeckShieldAlert A #ZeroTransfer scammer grabbed ~1.7M $USDT from 0x86C0...2604." - Twitter/X (Jul 31)
Real Scam Sniffer - "8 minutes ago, a victim lost $843,166 by copying the wrong address from a contaminated transfer history." - Twitter/X (Jul 31)
The Victim Wallet Address - Etherscan (Jul 31)
The Victim's Intended Recipient Address - Etherscan (Jul 31)
The Victim Wallet Funding Transaction - Etherscan (Jul 31)
