How to Stay Safe as Binance Falls Victim to Zero Transfer Scam

Binance recently became the target of a zero transfer scam.

by . Fact checked by: Ciaran Lawler, Editor: Stefan Trapp
Published:
Man jumping through scammers on the phone.
Created by Kornelija PoderskytÄ— from DailyCoin
Google News Follow Button
  • Binance recently became the target of a zero transfer scam.
  • The scam attempts to trick the target into sending assets to an address similar to the one they last interacted with.
  • This article explores how this scam works and how to protect yourself.

Scams have existed throughout history and appear in almost every industry. But even the most seasoned industry experts are not immune to the scourge.

On Tuesday, August 1, Binance, the world’s largest crypto exchange, nearly lost 20 million USDT to a zero transfer scam. As confirmed on Wednesday, August 2, by the firm’s Chief Executive Officer Changpeng “CZ” Zhao, the exploiter managed to fool “a very experienced crypto operator” at the exchange. Still, a quick reaction enabled the firm to get Tether to freeze the assets before they were moved.

In this article, DailyCoin will explore how these scams work, what makes them possible, who is at risk, and how to avoid them.

How Zero Transfer Scams Work

Like wallet poisoning scams, the ultimate goal of a zero transfer scam is to get a malicious wallet address to appear in your transaction history. The scam employs a wallet address similar to the one a victim had previously interacted with to trick them into transferring assets to the fraudulent address in the future.

Sponsored

But unlike wallet poisoning exploits where bad actors send minuscule amounts of assets to random addresses, zero transfer scammers send zero assets to their wallets from potential targets. 

Examples of malicious zero value transactions.
Examples of malicious zero-value transactions. Source: Elliptic

The zero transfer scam exploits the “TransferFrom” function in token contracts and is particularly insidious as it appears that the user was the one to initiate the transaction. While an attacker will typically need a user’s private keys to confirm transactions for their wallet, the TransferFrom function allows users to send assets from another person’s address so long as it is within a limit allowed by the address.

Sponsored

This function should mean that attackers can not confirm transactions for another user without the user’s permission. However, that’s not completely true. The allowed limit within some token contracts is set as a number: zero. Consequently, in these instances, attackers can initiate a transaction from another user’s address if the value is equal to or less than zero.

In January, Elliptic suggested that the exploitable function could be found in token contracts on the BSC, Ethereum, and TRON networks.

Who Is at Risk?

As highlighted by recent events, anyone in the crypto space, including Binance, can fall victim to the zero transfer scam.

While Binance avoided a loss by reacting quickly after the fact, not all users would be so fortunate. Hence it becomes necessary to understand how you can take steps to avoid these scams.

How to Avoid Zero Transfer Scams

Zero transfer scams take advantage of one of the pain points of crypto, the length, complexity, and randomness of wallet addresses. While a key feature in preserving anonymity, it also increases the chances of errors.

As a result, avoiding exploits like the zero transfer scam requires extra attention to detail. Below are some tips to stay safe:

  • Instead of initiating transactions from your transaction history, always copy addresses directly from the source when possible.
  • Thoroughly double-check an address before initiating a transaction. Checking only the first five and last five characters is insufficient.
  • Calmly and thoroughly evaluate unexpected transactions from your wallet.
  • Reach out to your wallet provider and security firms when unsure.
  • Conduct test transactions before moving large amounts of crypto assets.

On the Flipside

  • Wallets like MetaMask have separate transaction histories instead of sourcing records directly from the blockchain, effectively filtering out spam transactions.
  • In May 2021, Crypto.com accidentally sent a woman $10 million.

Why This Matters

Binance’s near $20 million loss highlights that no one is above getting scammed. The immutability of the blockchain can make fund recovery difficult. Hence users must take steps to prevent losses.

Read this to learn about the gas token scam and how to protect yourself:

New Gas Token Scam Arises: How to Protect Yourself

Is Binance’s trade volume decline a cause for concern? Find out more:

Binance Suffers $870B Trade Volume Drop in 2023: Should You Worry?

DailyCoin Newsletter

The hottest crypto news, straight to your inbox!

newsletter icon

Get a daily dose of crypto stories in a quick read with a tongue-in-cheek twist! Suitable for everyone, from crypto newbs to battle-tested veterans.

      You can easily unsubscribe at any time. Spoiler Alert: You won’t want to!

      This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

      Tags
      Author
      Okoya David
      Okoya David

      David Okoya is a crypto news reporter at DailyCoin based in Nigeria. He covers various topics related to the cryptocurrency industry, including exchanges, regulations, and price movements, and strives to bring fresh angles to breaking news. With experience as a freelance crypto news writer, David upholds the highest journalistic standards, telling complete stories and answering lingering questions whenever possible.