According to Tronscan, a user with the wallet address “TGr…XAE” transferred $129 million in USDT stablecoins to a phishing address on the TRON blockchain. Before that, the victim of the scam carried out a successful test transaction in the amount of 100 USDT and only then made a large transfer.
According to Tronscan experts, the theft of funds occurred as a result of the substitution of the recipient’s address, since the phishing address “THc…bu8” imitated the external address of the intended recipient “TMS…bu8” by using similar initial and final characters. After the funds were received in the fraudster’s account, they were withdrawn by the attacker to a new wallet.
The crypto-asset owner’s computer may have been infected with malware that replaces crypto wallet addresses in the clipboard with addresses associated with hackers. Since this happens in the clipboard, most people may not notice the difference between copying and pasting similar-looking addresses.
Then an extraordinary event occurred: the criminal voluntarily returned all the funds to the victim’s account. Within an hour of the transfer, 116.7 million USDT or 90% of the stolen amount was returned, and the remaining 12.96 million USDT (10%) was returned within a few more hours.
In May, sources told Hash Telegraph that the American company Tether, the issuer of USDT stablecoins, was successfully blocking users from accessing its assets. This is a new version of the Omni Core software client, which is capable of blocking funds and transactions from blacklisted crypto wallets. According to Dune Analytics, Tether currently has about 2,000 wallets on its blacklist, which hold approximately 1.3 billion USDT.
