Agency loses $55K in address poisoning scam

The U.S. Drug Enforcement Administration (the agency tasked with enforcing the country’s anti-drug laws) lost $55,000 in Tether (USDT) to scammers earlier this year.

According to a Forbes report on Aug. 24, the agency seized more than $500,000 worth of USDT in May from two Binance accounts suspected of laundering money through drug sales.

According to a search warrant seen by Forbes, the funds were held and securely stored in Trezor encrypted wallets controlled by the DEA. As part of the standard forfeiture process, the DEA sent a test amount of USDT worth just over $45 to the US Marshals Service.

A scammer monitoring on-chain activity spotted the transaction, then quickly set up a crypto wallet address with the same first five and last four characters as the Marshals account, a scam tactic known as “address poisoning.”

The scammer then airdropped tokens into the DEA’s wallet so that the spoofed address appeared as a recent transaction, a setup meant to trick the owner into accidentally transferring funds to the wrong address.

This tactic worked against DEA agents, who wired more than $55,000 to the crooks.
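A defensive check for the look-alike address tactic described above, as an added example that is not part of the original report: it compares a destination against a verified address book in full and flags any address that only matches the first five and last four characters. The addresses, labels and function names are constructed for illustration, and Ethereum-style hex addresses are assumed.

```python
"""Flag look-alike ("poisoned") addresses before funds are sent.

All addresses and amounts below are constructed for illustration.
"""

def _norm(addr: str) -> str:
    # Assumption: Ethereum-style hex addresses, compared case-insensitively
    # with the "0x" prefix removed.
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def is_lookalike(candidate: str, trusted: str, head: int = 5, tail: int = 4) -> bool:
    """True when candidate is a different address that shares the first
    `head` and last `tail` characters with a trusted one."""
    c, t = _norm(candidate), _norm(trusted)
    return c != t and c[:head] == t[:head] and c[-tail:] == t[-tail:]

def check_destination(dest: str, address_book: dict) -> tuple:
    """Classify a destination against a verified address book {label: address}."""
    for label, trusted in address_book.items():
        if _norm(dest) == _norm(trusted):  # full-length match only
            return ("verified", label)
    for label, trusted in address_book.items():
        if is_lookalike(dest, trusted):
            return ("lookalike", label)
    return ("unknown", None)

def poisoned_entries(history: list, address_book: dict) -> list:
    """Return history rows whose counterparty imitates a verified address."""
    return [tx for tx in history
            if check_destination(tx["counterparty"], address_book)[0] == "lookalike"]

# Constructed sample data: a verified recipient, a spoof of it, an unrelated address.
RECIPIENT = "0xa1b2c" + "0" * 31 + "9f3e"
SPOOF = "0xA1B2C" + "7" * 31 + "9F3E"
OTHER = "0x" + "5" * 40
BOOK = {"forfeiture-recipient": RECIPIENT}
HISTORY = [
    {"direction": "out", "counterparty": RECIPIENT, "amount": 45.0},  # test transfer
    {"direction": "in", "counterparty": SPOOF, "amount": 0.0},        # airdropped dust
    {"direction": "in", "counterparty": OTHER, "amount": 120.0},
]

if __name__ == "__main__":
    print(check_destination(SPOOF, BOOK))
    print(poisoned_entries(HISTORY, BOOK))
```

Run against a wallet's recent-transaction list before a transfer, a "lookalike" result means the address was never verified and only resembles one that was.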

When the Marshals noticed and alerted the DEA, the DEA asked Tether to freeze the funds, but it was too late.

The USDT had already been exchanged for Ethereum (ETH) and Bitcoin (BTC) and then transferred to different crypto wallets.


The DEA and FBI are investigating the incident, but have yet to identify who was behind the attack. So far, all they’ve found are two Binance accounts that paid the gas fees for the attackers’ wallet, registered using two Gmail email addresses.

The hope is that Google has some information that can be used to identify the Gmail account owners.

The DEA did not immediately respond to a request for comment.
