Cryptheory: Crypto and Internet


Lessons from DEA’s 50,000 USD crypto loss


No one is immune from crypto fraud and theft, not even the US Drug Enforcement Administration (DEA).

This month it was revealed that the US Drug Enforcement Administration fell for a crypto scam and lost over 55,000 USD worth of stablecoins. The incident serves as a reminder that the wild world of cryptocurrencies punishes carelessness and ignorance, especially through a deceptively simple scam.

How was the DEA deceived? And how can you protect yourself?

Attack via address poisoning

The US Drug Enforcement Agency (DEA) has fallen for a crypto scam called address poisoning that is on the rise in 2023.

It all started when the DEA seized over $500,000 worth of Tether stablecoins (USDT) from two Binance accounts in May 2023.

The accounts were suspected of being funded by illegal drugs, as Forbes reports. The seized funds were then stored in a DEA-controlled Trezor hardware wallet.

When US federal prosecutors seize assets (real estate, cash, cryptocurrencies, etc.) from criminal activity, they turn them over to the United States Marshals Service. This department is responsible for the management and sale of confiscated assets.

The good and bad about cryptocurrencies and public blockchain networks is that all transactions are transparent and public.

Anyone with an internet connection and the necessary know-how can track a wallet address’s transactions and available funds. Unfortunately for the DEA, a crypto scammer did just that.

After the DEA seized 500,000 USD worth of Tether, the agency prepared to hand over the stablecoins to the US Marshals Service.

First, as is typical, the DEA conducted a test run by sending a nominal amount (about $45) to the US Marshals Service wallet address.

After observing the blockchain activity of the DEA-linked wallet, the fraudster quickly created a wallet address that matched the first five and last four characters of the US Marshals Service wallet address.

The scammer then sent a cryptocurrency token from the fake address to the DEA-linked wallet. By doing so, the scammer created a transaction history in the DEA wallet and made it appear as if the US Marshals Service had sent the cryptocurrency.

The crypto thief hoped that the DEA would use the fake address from the transaction history to send the rest of the money to the fraudster.

And the DEA did just that… They sent over 55,000 USD worth of stablecoin to the scammer’s wallet address.

How did the DEA fall for the scam?

Cryptocurrency wallet addresses typically consist of 42 random alphanumeric characters, making them incredibly difficult to remember. Most cryptocurrency wallet users identify and verify addresses by checking only the first and last four characters of the address.

Using vanity wallet address generators, scammers can create addresses that match the first and last characters of the target wallet. This is what happened with the US DEA crypto heist.

How can you protect yourself from such attacks?

Reading this article is already a first step: knowing about the different types of crypto scams will keep you one step ahead of the scammers.

Crypto scams range from social engineering attacks like email phishing to thefts that rely on human habits. Be aware that checking only the first and last characters of a wallet address is not enough to prevent a crypto hijack.

Crypto scammers who spy on addresses take advantage of people’s careless behavior. The best way to protect yourself from address poisoning attacks is to check every character of the wallet address you are sending money to or set up a contact list as suggested below.

  • Create a contact list

Centralized crypto exchanges and self-managed wallets have features that allow users to store frequently used addresses or provide QR codes as a way to send contacts. This way, you don’t have to copy and paste the recipient’s wallet address every time you want to send them cryptocurrencies.

  • Use Ethereum Name Services

Ethereum Name Services (ENS) is a solution that converts 42-character alphanumeric wallet addresses into easy-to-remember usernames of your choice (as long as the username is still available). ENS also assigns website domains.

Using ENS usernames (e.g. alice.eth, bob.eth) eliminates the need to copy and verify 42-character alphanumeric wallet addresses.

The self-managed wallet Coinbase Wallet issues free ENS usernames that contain “” at the end (e.g.,, making it easy and simple to transfer funds between Coinbase Wallet -Send to users.

  • Delete suspicious tokens and NFTs

The public nature of crypto blockchains allows anyone to send cryptocurrencies and NFTs to your wallet address. If you see a suspicious token airdrop, you can “hide” it in your wallet. Do not transfer or send the suspicious tokens to another account or burner address, so that you avoid triggering potentially malicious smart contracts associated with the tokens.
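The full-character check and the contact list described above can be combined into a pre-send check. The following Python sketch is an added example, not code from any wallet or from the original article; the addresses, the contact name and the warning thresholds are constructed assumptions.

```python
# Added example. All addresses below are constructed, not from the incident.
HEX = set("0123456789abcdef")
MIN_LEAD, MIN_TRAIL = 3, 3   # assumed thresholds for a "lookalike" warning

def normalize(addr):
    """Lower-case a 0x-prefixed 40-hex-character address or raise ValueError."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 42-character hex address: {addr!r}")
    return a

def shared_ends(a, b):
    """Count matching leading and trailing characters after the 0x prefix."""
    x, y = a[2:], b[2:]
    lead = 0
    while lead < len(x) and x[lead] == y[lead]:
        lead += 1
    trail = 0
    while trail < len(x) - lead and x[-1 - trail] == y[-1 - trail]:
        trail += 1
    return lead, trail

def check_destination(candidate, contacts):
    """Return ("trusted", name), ("lookalike", name) or ("unknown", None)."""
    cand = normalize(candidate)
    book = {normalize(addr): name for name, addr in contacts.items()}
    if cand in book:                      # every character matches
        return ("trusted", book[cand])
    for addr, name in book.items():
        lead, trail = shared_ends(cand, addr)
        if lead >= MIN_LEAD and trail >= MIN_TRAIL:
            return ("lookalike", name)    # same ends, different middle
    return ("unknown", None)

# Constructed sample data: POISON shares the ends of LEGIT, as in the scam.
LEGIT = "0x3fa9c" + "1d4e8b0a6c2f5973e1b8d04a7c6f2e9" + "7b2e"
POISON = "0x3fa9c" + "8e07b5d1a94c3f62d0a7e5b19c48f03" + "7b2e"
OTHER = "0x" + "ab" * 20
CONTACTS = {"custody-wallet": LEGIT}

if __name__ == "__main__":
    for label, addr in [("legit", LEGIT), ("poison", POISON), ("other", OTHER)]:
        short = addr[:7] + "..." + addr[-4:]   # what a truncated display shows
        print(label, short, check_destination(addr, CONTACTS))
```

The legitimate and the poisoned address print the same shortened form, which is why only the full comparison against a saved contact separates them.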

The bottom line

We need to show some leniency to the U.S. Drug Enforcement Agency. Anyone can fall victim to crypto scams and it is important to remain humble, mindful and curious. The crypto landscape is evolving rapidly, and scammers are becoming more technical and sophisticated every day.

In case you’re wondering whether the DEA ever got its money back: according to Forbes, the scammer converted the stolen stablecoins into Ethereum (ETH) and Bitcoin (BTC) and moved the cryptocurrency to a new wallet.

The fraudster has not yet been identified, but authorities have made some progress in the investigation. They located two email addresses associated with Binance accounts that were used to pay the scammer’s gas fees.

Luckily for the DEA, they caught the scam early enough and were able to secure the rest of the 500,000 USD.
