The U.S. Drug Enforcement Administration (DEA) has fallen victim to a crypto scam that cost it over $55,000 in seized Tether (USDT), a stablecoin pegged to the U.S. dollar. The scammer used a technique called “address poisoning” to trick the agency into sending the funds to a fake wallet address.
How the scam happened
According to a report by Forbes, the DEA seized over $500,000 worth of USDT from two Binance accounts in May as part of a multi-year investigation into drug money laundering. The funds were transferred to two Trezor crypto wallets controlled by the DEA and stored securely.
As part of the standard forfeiture process, the DEA sent a test transaction of $45.36 to the U.S. Marshals Service (USMS), which handles the disposal of seized assets. However, an on-chain sleuth noticed the transaction and quickly created a fake wallet address that resembled the USMS’s address. This is known as “address poisoning”, a scam tactic that exploits the fact that crypto addresses are long, complex strings of alphanumeric characters that are hard for people to verify by eye.
The scammer then sent a small amount of a token to the DEA’s wallet, hoping that the agency would copy and paste the fake address from their transaction history instead of the real one. The tactic worked, as the DEA agent mistakenly sent over $55,000 to the scammer’s address.
By the time the USMS alerted the DEA and asked Tether to freeze the funds, it was too late. The scammer had already swapped the USDT for Ether (ETH) and Bitcoin (BTC) and moved them to different wallets.
Who is behind the scam?
The DEA and the FBI are investigating the incident, but have not yet identified the culprit. All they have found so far are two Binance accounts that paid for the gas fees of the scammer’s wallet, which used two Gmail addresses to sign up. It is possible that Google has some information that can help track down the owner of those accounts.
The scammer may have also used a VPN or other tools to hide their IP address and location. Binance, which is one of the largest crypto exchanges in the world, has not commented on whether it is cooperating with the authorities or not.
What is address poisoning?
Address poisoning is a type of crypto scam that involves creating fake addresses that look similar to real ones and tricking users into sending funds to them. It is also known as “typo-squatting” or “homograph attacks”.
Address poisoning can be done by changing one or more characters in an address, such as replacing an “O” with a “0” or an “l” with an “I”. It can also be done by using Unicode characters that look like Latin letters but have different values, such as “а” (Cyrillic) instead of “a” (Latin).
Address poisoning can be prevented by using tools that verify addresses before sending funds, such as QR codes, checksums, or browser extensions. Users should also double-check addresses manually and avoid copying and pasting them from untrusted sources.
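The pre-send verification described above can be automated by comparing every destination against an address book recorded out of band, rather than against transaction history. The following is an added example, not code from the report or from any agency: the addresses are constructed, the names `TRUSTED`, `LOOKALIKE`, `normalize`, `shared_affix` and `check_destination` are hypothetical, and it assumes hex-style addresses (where letter case is not significant) and that a look-alike shares leading or trailing characters with the genuine address.

```python
import os

# Constructed sample values for illustration; not addresses from the incident.
TRUSTED = {"usms-forfeiture": "0x7a3f9c2b5d1e8046a9b3c4d5e6f708192a3b4c5d"}
LOOKALIKE = "0x7a3f0e1d2c3b4a5968778695a4b3c2d1e0f14c5d"


def normalize(address):
    """Trim, lowercase and drop the 0x prefix (assumes hex-style addresses)."""
    return address.strip().lower().removeprefix("0x")


def shared_affix(a, b):
    """Return (common prefix length, common suffix length) of two strings."""
    prefix = len(os.path.commonprefix([a, b]))
    suffix = len(os.path.commonprefix([a[::-1], b[::-1]]))
    return prefix, suffix


def check_destination(candidate, trusted, min_affix=4):
    """Classify a destination address before any funds are sent.

    Returns (verdict, label):
      "ok"        - exact match with a trusted entry
      "non_ascii" - contains characters outside ASCII (possible homoglyph)
      "lookalike" - not trusted, but starts or ends like a trusted entry
      "unknown"   - no relation to the address book
    """
    if not candidate.isascii():
        return ("non_ascii", None)
    cand = normalize(candidate)
    # Exact matches are checked first so a trusted address is never flagged.
    for label, addr in trusted.items():
        if cand == normalize(addr):
            return ("ok", label)
    # Anything else that resembles a trusted entry is treated as poisoning.
    for label, addr in trusted.items():
        prefix, suffix = shared_affix(cand, normalize(addr))
        if prefix >= min_affix or suffix >= min_affix:
            return ("lookalike", label)
    return ("unknown", None)


if __name__ == "__main__":
    for dest in (TRUSTED["usms-forfeiture"], LOOKALIKE, "0x" + "1" * 40):
        print(dest, check_destination(dest, TRUSTED))
```

Only an "ok" verdict should allow a transfer to proceed; "lookalike" and "non_ascii" results are worth logging as likely poisoning attempts.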