Ethereum ZeroTransfer Address Pollution Phishing Twice

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 14:41, 27 August 2025 by Azoundria (talk | contribs) (Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/ethereumzerotransferaddresspollutionphishingtwice.php}} {{Unattributed Sources}} thumb|Ethereum Address PoisoningAn Ethereum address fell victim to an address pollution phishing attack. The attacker created a similar-looking wallet address to impersonate the intended recipient’s address. Due to the visual similarity, the victim mistakenly sent fun...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Ethereum Address Poisoning

An Ethereum address fell victim to an address pollution phishing attack. The attacker created a similar-looking wallet address to impersonate the intended recipient’s address. Due to the visual similarity, the victim mistakenly sent funds to the attacker’s wallet instead of the legitimate one. As a result, at least $843,166.84 USD in USDT was lost, with another transfer of over $1.75 million also recorded to the attacker’s address. The incident was reported by TenArmor, and there is no indication that any of the stolen funds have been recovered.

[1][2][3][4][5][6][7][8][9][10][11][12]

About The Ethereum Victim

The victim exists at Ethereum address 0x86C0300Fc369E54d22512564Cc0e8CC261102604.

The Reality

Unfortunately, it is easy to get fooled by incorrect addresses. Creating addresses which appear similar to legitimate addresses is not that challenging. It is important to always verify all addresses.

What Happened

The victim mistakenly sent over $2.5 million in USDT to a phishing address that closely resembled the intended recipient’s, due to an address pollution phishing attack.

Key Event Timeline - Ethereum ZeroTransfer Address Pollution Phishing Twice
Date Event Description
May 25th, 2025 2:10:59 AM MDT Victim Ethereum Wallet Created The victim's ethereum wallet is first funded.
May 25th, 2025 5:48:23 PM MDT Phishing Transaction Occurs A transaction for 843,166.835945 USDT sent to the phisher.
May 25th, 2025 6:00:00 PM MDT Real Scam Sniffer Tweet Real Scam Sniffer posts about the exploit, with just one transaction included.
May 25th, 2025 8:43:00 PM MDT Incident Post By TenArmor TenArmor creates a post reporting on the attack, with links to information about the relevant transactions.
May 25th, 2025 9:38:59 PM MDT Second Tricked Phishing Transaction A second transfer of 1,754,893.457191 USDT is also found to the same perpetrator.
May 25th, 2025 11:46:00 PM MDT PeckShield Reports Larger Loss PeckShield reports on the incident with a total loss of $1.7m reported.
May 26th, 2025 1:17:00 AM MDT AegisWeb3 Reporting Post AegisWeb3 reports with both phishing transactions included for a total loss of $2.6m.

Technical Details

The attack took place through address pollution phishing. Address pollution phishing is a type of cyberattack where scammers flood blockchain addresses with tiny, unsolicited transactions to obscure legitimate activity or manipulate data analysis. This tactic can be used to confuse users, overload transaction histories, or mask fraudulent behavior by making it harder to trace real transactions. Often seen in Web3 environments, address pollution phishing can also serve as a distraction while more serious phishing or scamming attempts occur elsewhere.

In this case, the victim intended to send their funds to the wallet address 0x4668d1fe87444a4d7508e83c89bfdaf1117e6b76. However, an attacker was successfully able to create a new wallet address 0x4668EE748c88DA4FEc595773b22f96f366eD6B76, and interact with their Ethereum wallet. The victim accidentally confused the wallet addresses and sent their funds to the attacker's wallet.

Total Amount Lost

TenArmor has estimated the amount of the loss at $843,166.84 USD. The blockchain shows that 843,166.835945 USDT were sent to the perpetrator address. However, a second transfer of 1,754,893.457191 USDT is also found to the same perpetrator.

The total amount lost has been estimated at $2,598,000 USD.

Immediate Reactions

The attack was reported on by TenArmor a few hours later. It is unclear how the victim reacted.

Ultimate Outcome

It does not appear likely that any funds will be recovered.

Total Amount Recovered

There is no evidence that any funds have been able to be recovered.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

There is limited information about any investigation or recovery that may be underway.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. TenArmor - "Our system has detected a suspicious Address Pollution Phishing attack on #ETH, causing an estimated loss of $843,166.84." - Twitter/X (Accessed Jul 31, 2025)
  2. The Perpetrator's Ethereum Address - Etherscan (Accessed Jul 31, 2025)
  3. The First Phishing Transaction - Etherscan (Accessed Jul 31, 2025)
  4. PeckShield - "#PeckShieldAlert A #ZeroTransfer scammer grabbed ~1.7M $USDT from 0x86C0...2604." - Twitter/X (Accessed Jul 31, 2025)
  5. The Second Phishing Transaction - Etherscan (Accessed Jul 31, 2025)
  6. AegisWeb3 - "Scammed Twice in 5 Hours: Victim Loses $2.6M USDT in ZeroTransfer Attack. In a shocking repeat incident, a victim fell prey twice to the same #ZeroTransfer scam within just 5 hours — losing a total of $2.6M USDT." - Twitter/X (Accessed Jul 31, 2025)
  7. ScamRetrieval - "victim:...wrong address:...correct address:" - Twitter/X (Accessed Jul 31, 2025)
  8. Web3Watchdog - "PeckShieldAlert: #PeckShieldAlert A #ZeroTransfer scammer grabbed ~1.7M $USDT from 0x86C0...2604." - Twitter/X (Accessed Jul 31, 2025)
  9. Real Scam Sniffer - "8 minutes ago, a victim lost $843,166 by copying the wrong address from a contaminated transfer history." - Twitter/X (Accessed Jul 31, 2025)
  10. The Victim Wallet Address - Etherscan (Accessed Jul 31, 2025)
  11. The Victim's Intended Recipient Address - Etherscan (Accessed Jul 31, 2025)
  12. The Victim Wallet Funding Transaction - Etherscan (Accessed Jul 31, 2025)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Ethereum_ZeroTransfer_Address_Pollution_Phishing_Twice&oldid=6905"