CZ: Yesterday, Binance’s internal address suffered a “zero transfer phishing attack”, and it was discovered in time that there was no actual loss.

Binance founder and CEO Changpeng Zhao (CZ) posted on Twitter that Binance’s internal address suffered a “zero transfer phishing attack” yesterday. The operator immediately discovered the error after completing the transaction (transferring 20 million USDT) and promptly requested to freeze USDT. . Now you need to go through some procedures, including submitting a police report, to recover the funds. Fortunately, there is no actual loss of funds. I hope that sharing this matter can help users be vigilant.
Note: "Zero-transfer phishing attack" is an attack method that has basically no technical content, but is extremely easy to fall into. The attacker uses an address with the same first and last letters and numbers as the target address (only the middle letters are different) to transfer 0 tokens to complete the "poisoning" action. When users make transfers, due to carelessness, or because some dApps omit the address content in pursuit of a beautiful UI interface, it is easy to confuse the hacker's address with the address where the transfer was originally planned, and thus "actively" transfer assets to the hacker's address.