What is a Transfer Phishing Attack?

Scams, particularly those targeting financial assets, have been around for a long time, long before the conception and advent of cryptocurrencies and blockchain technologies. One of the most common scams used by bad actors is the phishing scam, which revolves around duping unsuspecting victims out of their finances or their personal and highly confidential information.

As cryptocurrencies and digital assets continue to gain traction and see wider adoption globally, it is important to understand some of the cyber attack techniques being used by bad actors to ensure your funds are protected and ‘SAFU’.

In this article, we will take a look at the ‘Transfer Phishing Attack’, how to spot it and how to avoid it happening to you.

If you discover any suspicious ‘zero value’ transfers in your on-chain transaction history, they were likely made by transfer phishing attackers.

A “transfer phishing attack” is a phishing method in which bad actors trick users into unknowingly or inadvertently sending their funds to fraudulent wallet addresses. In a user’s transaction history, these fraudulent addresses display the same abbreviated characters (usually the first 2-3 characters and last 4-5 characters) as the original addresses.

Wallet Addresses

How Does a “Transfer Phishing Attack” Work?

After a transaction is made, attackers will monitor that transaction and generate a fraudulent address with the same first and last characters to impersonate the original address of the receiving user.

Attackers will then use this fraudulent address to send a ‘zero value’ transaction to the original sender, leaving a record on-chain. As transactions with zero values do not require confirmation approvals, such transactions can be recorded without specific authorization.

Zero value transaction

As the fraudulent address looks similar to the original wallet address, it is intended to mislead the user into transferring funds to the fraudulent address in future transactions when using the auto fill-in feature.
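The look-alike pattern described above can be checked for in a transaction history. The following is an added example, not code from Cactus Custody or the original article; it assumes Ethereum-style hex addresses and a UI that shows 3 leading and 4 trailing characters, and every address, field name and record in it is constructed sample data.

```python
# Added example: flag look-alike counterparties in a transfer history.
# Assumed display rule: 3 characters after "0x" and the last 4 are shown.
PREFIX_LEN = 3
SUFFIX_LEN = 4


def abbreviated(addr):
    """Return the (prefix, suffix) pair a truncated address display shows."""
    body = addr.lower()
    if body.startswith("0x"):
        body = body[2:]
    return body[:PREFIX_LEN], body[-SUFFIX_LEN:]


def find_lookalikes(history, trusted):
    """Return records whose counterparty imitates a trusted address.

    A record is flagged when its counterparty is not itself trusted but
    abbreviates to the same prefix/suffix as a trusted address. Zero-value
    records are marked, since that is how the fake entry gets planted.
    """
    trusted_set = {a.lower() for a in trusted}
    by_abbrev = {abbreviated(a): a for a in trusted_set}
    findings = []
    for tx in history:
        peer = tx["counterparty"].lower()
        if peer in trusted_set:
            continue  # exact match on the full address: genuine counterparty
        imitated = by_abbrev.get(abbreviated(peer))
        if imitated is not None:
            findings.append({
                "tx_id": tx["tx_id"],
                "counterparty": peer,
                "imitates": imitated,
                "zero_value": tx["value"] == 0,
            })
    return findings


# Constructed sample data (hypothetical addresses and record layout).
TRUSTED = "0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b"
LOOKALIKE = "0x1a2" + "f" * 33 + "9a0b"   # same visible ends, different middle
UNRELATED = "0x" + "9" * 40
HISTORY = [
    {"tx_id": "t1", "counterparty": TRUSTED, "value": 250},
    {"tx_id": "t2", "counterparty": LOOKALIKE, "value": 0},
    {"tx_id": "t3", "counterparty": UNRELATED, "value": 0},
]
```

Only the full-address comparison separates `t1` from `t2`; in the abbreviated form both entries read the same.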

In order to prevent this from happening to you and avoid your funds being stolen by such phishing attacks, you should always double-check your address before making any transactions. That is, unless you are using Cactus Custody’s enhanced safety features.

To safeguard its clients’ funds against transfer phishing attacks, Cactus Custody has enhanced its system. The implementation of a robust whitelist feature in the system prevents all transactions with zero values, providing protection against transfer phishing attacks. Additionally, the system always displays complete addresses to ensure user awareness.

Cactus Custody System