A crypto investor lost a staggering $2.6 million in stablecoins after falling for an advanced double phishing scam within just three hours. According to blockchain compliance firm Cyvers, the victim unknowingly sent $843,000 in Tether (USDt), followed by another $1.75 million to scammers using a deceptive tactic known as a zero-value transfer.

This method manipulates the blockchain by simulating a transaction from the victim's wallet to a fake address—but without moving any real tokens. Since these zero-value transactions don’t require the victim’s private key, they appear in their transaction history. Later, believing the spoofed address to be familiar and trusted, the victim sends actual funds, unknowingly transferring them to the attacker.

Zero-value transfers are considered a more advanced evolution of address poisoning, a common tactic where scammers use wallets that closely resemble legitimate ones. By relying on partial address matching, victims can mistakenly send funds to the wrong destination—especially when rushing or relying on saved addresses.

The threat is rapidly expanding across major blockchains. A study released in January 2025 revealed over 270 million poisoning attempts on Ethereum and BNB Chain between mid-2022 and mid-2024. These attacks successfully stole over $83 million in crypto from unsuspecting users.

Cybersecurity firms like Trugard and Webacy have begun deploying AI tools to detect and prevent such scams. Their new system, designed to identify suspicious wallet activity, claims a 97% accuracy rate in stopping these phishing attempts before funds are lost.

As blockchain adoption grows, so does the sophistication of scams—making user awareness and proactive wallet security more crucial than ever.