In May, the U.S. Drug Enforcement Administration (DEA) fell victim to a common cryptocurrency scam, resulting in a loss of over $50,000 in USDT (Tether).
As revealed in a search warrant examined by Forbes, the DEA had confiscated roughly $500,000 in Tether from two Binance accounts suspected of laundering money from illegal drug sales. This amount was stored in a Trezor hardware wallet under the DEA’s control.
The scam unfolded after the DEA sent a test transaction to the U.S. Marshals Service, the enforcement branch of the federal court system. To deceive the DEA, the scammer quickly created a fake wallet with the same initial five and final four characters as the Marshals’ wallet. The scammer then airdropped small amounts of Tether to the DEA’s wallet to give the impression that the fake wallet belonged to the Marshals Service.
The ruse was successful as the DEA, without verifying the entire wallet address, transferred over $55,000 in cryptocurrency to the scammer.
The tactic the attacker used is a common one known as address poisoning. The scam involves sending transactions of no value from an address that closely resembles the victim’s address, in the hope that the victim will later copy that address from their transaction history by mistake, as explained by MetaMask.
Malicious actors can use vanity address generation tools to create addresses resembling those their victims frequently use. Scammers generate millions of wallet addresses to find convincing matches, making address poisoning schemes viable on Bitcoin, Ethereum, and many other Layer-1 networks.
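The check that defeats this, comparing the whole address instead of its two ends, is sketched below as an added example that is not part of the original article. The address book, its label and every address are constructed sample values; the five and four character match lengths are the ones reported in this case, counted over the address string as displayed (an assumption).

```python
from typing import Dict, List, Optional, Tuple

PREFIX_LEN, SUFFIX_LEN = 5, 4  # match lengths reported in the DEA case

def normalize(addr: str) -> str:
    """Hex (0x...) addresses are case-insensitive; other formats are compared as-is."""
    addr = addr.strip()
    return addr.lower() if addr[:2].lower() == "0x" else addr

def lookalike_of(candidate: str, book: Dict[str, str],
                 prefix_len: int = PREFIX_LEN,
                 suffix_len: int = SUFFIX_LEN) -> Optional[str]:
    """Return the label of a verified address that candidate imitates, else None."""
    c = normalize(candidate)
    for label, trusted in book.items():
        t = normalize(trusted)
        # Different address overall, but identical at both visible ends.
        if c != t and c[:prefix_len] == t[:prefix_len] and c[-suffix_len:] == t[-suffix_len:]:
            return label
    return None

def check_recipient(candidate: str, book: Dict[str, str]) -> str:
    """Classify a destination before signing: 'verified', 'lookalike' or 'unknown'."""
    c = normalize(candidate)
    if any(c == normalize(t) for t in book.values()):
        return "verified"  # full-string match against an out-of-band verified entry
    return "lookalike" if lookalike_of(candidate, book) else "unknown"

def poisoned_senders(history: List[Tuple[str, float]],
                     book: Dict[str, str]) -> List[Tuple[str, str]]:
    """Scan incoming transfers (sender, amount) for senders imitating a verified address."""
    hits: List[Tuple[str, str]] = []
    for sender, _amount in history:
        label = lookalike_of(sender, book)
        if label and (sender, label) not in hits:
            hits.append((sender, label))
    return hits

# Constructed sample data (not real wallets).
BOOK = {"marshals": "0xA1b2C3d4E5f60718293a4B5c6D7e8F9012345678"}
FAKE = "0xa1b" + "0" * 33 + "5678"    # same first five and last four characters
OTHER = "0x" + "7" * 40               # unrelated sender
HISTORY = [(FAKE, 0.01), (OTHER, 120.0), (FAKE, 0.02)]

if __name__ == "__main__":
    print(check_recipient(FAKE, BOOK), poisoned_senders(HISTORY, BOOK))
```

A wallet workflow would refuse to send to anything not classified `verified`, and treat a `lookalike` hit in the incoming history as a sign the account is being targeted.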
After being alerted by the Marshals Service, the DEA attempted to freeze the funds, which is possible with Tether. However, the funds had already been converted into Bitcoin and Ethereum.
Although the two authorities discovered some clues pointing to the scammer’s identity, such as two email addresses linked to Binance accounts, the individual behind the scam remains at large.