Double Phishing Attack Leads to $2.6 Million USDT Loss: The Rise of Zero-Value Transfers

A crypto investor recently fell victim to a sophisticated phishing attack, losing over $2.6 million worth of stablecoins in a span of just three hours. This incident highlights the growing threat of ‘zero-value transfers,’ a tactic increasingly employed by scammers targeting user habits around wallet addresses.

The attack, flagged on May 26th, involved two large Tether (USDT) transactions: a transfer of $843,000 followed by a second transfer of $1.75 million just hours later. Both appear to have been fueled by zero-value transfers, in which scammers exploit the ERC-20 token standard’s transferFrom function to move no actual tokens while still recording the spoofed transactions on-chain. This creates a misleading transaction history that tricks users into believing they’re sending funds to a legitimate address.

This scenario underscores the limitations of current user-facing wallet interfaces, the increasing sophistication of social engineering in cryptocurrency crime, and the urgency for robust security solutions within the Web3 space.
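
The zero-value transferFrom behaviour described above, together with a wallet-side filter for it, as an added example that is not part of the original article. The Token class is a simplified Python model of ERC-20 bookkeeping rather than contract code, and every name and address in it is a constructed placeholder.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    signer: str  # account that signed the transaction (msg.sender)
    src: str     # 'from' field of the Transfer event
    dst: str     # 'to' field of the Transfer event
    value: int

class Token:
    """Simplified model of ERC-20 bookkeeping, not a real contract."""
    def __init__(self, balances):
        self.balances, self.allowance, self.log = dict(balances), {}, []

    def _move(self, signer, src, dst, value):
        if self.balances.get(src, 0) < value:
            raise ValueError("insufficient balance")
        self.balances[src] = self.balances.get(src, 0) - value
        self.balances[dst] = self.balances.get(dst, 0) + value
        self.log.append(Transfer(signer, src, dst, value))

    def transfer(self, signer, dst, value):
        self._move(signer, signer, dst, value)

    def transfer_from(self, signer, src, dst, value):
        allowed = self.allowance.get((src, signer), 0)
        # Unapproved spenders have allowance 0, and 0 < 0 is false, so a
        # zero-value call passes and still logs src as the sender.
        if allowed < value:
            raise PermissionError("insufficient allowance")
        self.allowance[(src, signer)] = allowed - value
        self._move(signer, src, dst, value)

def spoofed_entries(log, owner):
    """Zero-value 'outgoing' transfers the owner never signed."""
    return [t for t in log if t.src == owner and t.signer != owner and t.value == 0]

def trusted_recipients(log, owner):
    """Recipients of transfers the owner signed and that moved tokens."""
    return {t.dst for t in log if t.src == owner == t.signer and t.value > 0}

def build_demo():
    # Constructed placeholder names, not real addresses.
    token = Token({"0xOWNER": 1000})
    token.transfer("0xOWNER", "0xEXCHANGE", 100)
    token.transfer_from("0xSCAMMER", "0xOWNER", "0xSPOOF", 0)
    return token

if __name__ == "__main__":
    demo = build_demo()
    print(spoofed_entries(demo.log, "0xOWNER"))
    print(trusted_recipients(demo.log, "0xOWNER"))
```

A wallet that builds its recent-recipient list from trusted_recipients rather than from the raw event log never offers the spoofed entry as a destination.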