一名受害者在三個小時內被騙了兩次，總共失去了260萬美元的穩定股。

根據加密貨幣公司Cyvers在5月26日共享的數據，受害者派出了價值843,000美元的USDT（USDT），然後在三個小時後另外175萬美元。

A single victim was scammed two times within three hours, losing a total of $2.6 million in stablecoins, according to data shared by crypto compliance firm Cyvers.

根據加密貨幣公司Cyvers共有的數據，一名受害者在三個小時內被騙了兩次，總共失去了260萬美元的Stablecoins。

The victim sent 843,000 worth of USDt (USDT), followed by another 1.75 million USDT around three hours later, the firm said on May 26. The scam used a method known as a zero-value transfer, a sophisticated form of onchain phishing.

該公司在5月26日表示，受害人派出了價值843,000美元的USDT（USDT），然後在三個小時後再發出175萬美元。

A zero-value transfer occurs when an attacker exploits the token transfer From function to transfer zero tokens from the victim’s wallet to a spoofed address. Since the amount transferred is zero, no signature by the victim’s private key is necessary for onchain inclusion.

當攻擊者利用從功能到將零令牌轉移到受害者錢包到欺騙地址的零令牌時，發生零值的傳輸。由於轉移的金額為零，因此受害人的私鑰簽名是OnChain包容性的必要條件。

The victim will then see the incoming transaction in their history, and may trust this address since it is included in their transaction history, making them think it’s a known or safe recipient. They may then send real funds to the attacker’s address in a future transaction.

然後，受害人將在其歷史上看到傳入的交易，並可能相信該地址，因為該地址已包含在其交易歷史記錄中，使他們認為這是已知或安全的接收者。然後，他們可以在將來的交易中將真正的資金發送到攻擊者的地址。

In one high-profile case, a scammer using a zero-transfer phishing attack managed to steal $20 million worth of USDT before getting blacklisted by the stablecoin’s issuer in the summer of 2023.

在一個備受矚目的案例中，使用零轉移網絡釣魚攻擊的騙子設法竊取了價值2000萬美元的USDT，然後在2023年夏天被Stablecoin的發行人列入黑名單。

A zero-value transfer is an evolution of address poisoning, a tactic where attackers send small amounts of cryptocurrency from a wallet address that resembles a victim’s real address, often with the same starting and ending characters. The goal is to trick the user into accidentally copying and reusing the attacker’s address in future transactions, resulting in lost funds.

零價值轉移是地址中毒的演變，一種策略，攻擊者從類似於受害者的真實地址的錢包地址發送少量加密貨幣，通常具有相同的啟動和結束角色。目的是欺騙用戶在將來的交易中意外複製和重複攻擊者的地址，從而導致資金損失。

The technique exploits how users often rely on partial address matching or clipboard history when sending crypto. Custom addresses with similar starting and ending characters can also be combined with zero-value transfers.

該技術在發送加密時會利用用戶通常如何依賴部分地址匹配或剪貼板歷史記錄。具有相似啟動和結束字符的自定義地址也可以與零值轉移結合使用。

A January study by TRGARD found that over 270 million poisoning attempts occurred on BNB Chain and Ethereum between July 1, 2022, and June 30, 2024. Of those, 6,000 attempts were successful, leading to losses over $83 million.

Trgard一月份的一項研究發現，在2022年7月1日至2024年6月30日之間，BNB鍊和以太坊發生了超過2.7億次中毒嘗試。其中，有6,000次嘗試成功，導致損失超過8300萬美元。

The report followed crypto cybersecurity firm Trugard and onchain trust protocol Webacy announcing an artificial intelligence-based system for detecting crypto wallet address poisoning. The new tool has a success score of 97%, tested across known attack cases.

該報告遵循加密網絡安全公司Trugard和OnChain Trust協議網絡播放，宣布了一個基於人工智能的系統，用於檢測加密錢包地址中毒。新工具的成功得分為97％，在已知的攻擊案例中進行了測試。