• Binance was the target of a zero transfer scam which attempted to trick users into sending assets to an address similar to the one they last interacted with.
• The zero transfer scam exploits the “TransferFrom” function in token contracts and it appears that the user initiated the transaction.
• This article explores how this scam works, who is at risk, and how to avoid it.
What is a Zero Transfer Scam?
A zero transfer scam is an attempt by malicious actors to get a fraudulent wallet address to appear in a target’s transaction history. It exploits the “TransferFrom” function in token contracts, allowing attackers to initiate a transaction from another person’s address so long as it is within a limit allowed by the address. Some token contracts allow for this limit to be set as zero, meaning attackers can initiate transactions without permission of the user.
Who Is At Risk?
Anyone using cryptocurrency exchanges or wallets are potentially at risk of being targeted by these scams. Experienced crypto operators are not immune either; Binance recently nearly lost 20 million USDT due to such an attack. It is important that everyone remains vigilant when interacting with wallets or exchanging assets online.
How To Protect Yourself?
It is important to pay attention when transferring funds and verify that you have selected the correct wallet address before confirming any transactions. Additionally, setting up two-factor authentication (2FA) on your account will provide extra security against malicious actors trying to access your wallet or exchange accounts without authorization.
Conclusion
Zero transfer scams are becoming more common and it is important for all cryptocurrency users to remain vigilant when making transfers online or storing assets in wallets. By paying attention when transacting and setting up 2FA on their accounts, users can protect themselves from potential scammers attempting to steal their funds.
Resources
Elliptic: Examples of malicious zero-value transactions