DEA gets duped: Agency loses $55K in address poisoning scam
The United States Drug Enforcement Administration (DEA) — the agency tasked with enforcing the country’s drug laws — lost $55,000 in seized Tether (USDT) earlier this year at the hands of a scammer.
Forbes reported on Aug. 24 that in May, the agency seized over $500,000 worth of USDT from two Binance accounts it suspected of laundering money from drug sales as part of a multi-year investigation.
The funds were put in DEA-controlled Trezor crypto wallets and stored securely, according to a search warrant seen by Forbes. As part of standard forfeiture processing the DEA sent a test amount of just over $45 worth of USDT to the U.S. Marshals Service.
An on-chain sleuth picked up on the transaction and then quickly set up a crypto wallet with the same first five and last four characters of the Marshals account — a scam tactic known as “address poisoning.”
The scammer airdropped a token to the DEA’s wallet so that the spoofed address will appear as a recent transaction, and thus tricking the owner into accidentally transferring funds to the wrong address.
I almost got hit by an address poisoning scam.
Sent a second tx to someone just after the first, and was lazy and just copy pasted his address from my transaction history.
Yup, copy pasted the poison tx address.
Just before confirming, @Rabby_io informed me that I had never… pic.twitter.com/XlHPTs8PZy
— N̴̡̩̠̻̩͜͝a̴͍͙̫̹̅u̶̼̠̭͐̂͘h̷͇̻̭̚c̴͉͈̎̂̅͗̉̈́̆͑̍̀ (@nauhcner) April 18, 2023
The tactic worked against the DEA agent, who sent over $55,000 to the scammer.
By the time the Marshals noticed and alerted the DEA who in turn asked Tether to freeze the funds it was too late.
The USDT had already been swapped for Ether (ETH) and Bitcoin (BTC) and then shifted to different crypto wallets.
Related: SEC charges former corrections officer with role in bizarre crypto scam
The DEA alongside the FBI is investigating the incident and is yet to find whose behind the attack. All they’ve found so far are two Binance accounts that paid for the attacker wallet gas fees which used two Gmail email addresses to sign up.
It’s hoped Google has some information that can be used to nab the owner of the Gmail accounts.
The DEA did not immediately respond to a request for comment.
Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story