US government falls into cryptocurrency scam and sends BRL 273,000 to scammer

One brave con artist managed to deceive the US Drug Enforcement Administration (DEA, acronym in English) to steal $55,000, about 273 thousand reais, worth of cryptocurrencies. The same US organization that shut down Silkroad, the biggest drug platform on the dark web, has fallen for one of the oldest scams on the internet: a phishing attack.

The scammer’s modus operandi is remarkable, illustrating that often overlooked social engineering remains one of the most effective tools in the cybercriminals’ arsenal. What is even more surprising is the con artist’s audacity in attacking the DEA.

According to Forbes, the DEA has seized more than $500,000 in USDT from two Binance accounts on suspicion of involvement in drug trafficking. These funds were transferred to accounts controlled by the DEA, stored in a wallet trezor and kept in a safe place.

The scammer, alert to such moves, noticed a test transaction of $45.36 paid by the DEA to the US Federal Police known as US Marshals.

The criminal then created a new address and replicated the last four characters from the Marshals wallet, a cunning trick designed to confuse any user.

DEA falls for address poisoning scam

In the context of cryptocurrencies, all transactions are public on the blockchain and scammers get creative to exploit this transparency.

The scammer who fooled the DEA by analyzing the blockchain quickly created a US Marshals-like wallet and used an airdrop technique, i.e. tokens sent to the target wallet.

The technique was used to deposit random tokens into the DEA account, tricking the agents. Such a strategy is based on the fact that addresses, due to their length, are typically copied and pasted with each transaction, rather than being re-entered.

Normally, when a user performs a test transaction, it’s navigated to the transaction history and copied the transaction address directly from there, which it probably did, but the agent ended up copying the poisoned address.

Unfortunately, since you can’t blame an intern, a DEA agent was fooled by this tactic and wired $55,000 to the wrong address.

The US government loses R$ 273,000 in cryptocurrencies

When the error was discovered, attempts were made to freeze the money, but the scammer had already converted and transferred the amount to Ethereum and Bitcoin.

While the daring con artist behind the attack has not yet been identified, an FBI investigation found that the suspect had made significant transactions totaling more than $425,000 in recent months.

The DEA declined to comment on the case, showing a clear sign of embarrassment.

The incident underscores the importance of carefully checking every detail when trading cryptocurrencies. Experts advise to always confirm the full address, and not just the beginning and end, as usual, before making a transfer. Finally, the DEA and FBI monitor the stolen funds.

Source: Live Coins