Guide 2026-06-08

Fake USDT and the proof-of-funds scam: when a Tether balance is worth nothing

Your wallet can show a six-figure Tether USD (USDT) balance that is worth exactly zero. Fake-USDT tokens copy the real name, symbol and decimals but live at a different contract, and scammers use them off-chain to fake proof of funds. They rarely trade, so most tools never see them. Here is how the scam works and the one check that defeats it.

A wallet that shows 250,000 Tether USD is not the same as a wallet that holds 250,000 USDT. The first is a number on a screen; the second is money. The gap between them is one of the simplest and most effective scams on Ethereum, and it does not need a honeypot, a rug pull, or even a single trade.

A token is its address, not its name

Anyone can deploy an ERC-20 and set its name() to “Tether USD”, its symbol() to “USDT”, and its decimals() to 6. Nothing stops them. Your wallet and the block explorer read those fields and display the token exactly as if it were the real thing, logo aside.

But the real USDT lives at one specific contract: 0xdAC17F958D2ee523a2206206994597C13D831ec7. A token with the same name and symbol at any other address is a different asset with zero relationship to Tether, and almost always zero value.

Tether USD - USDT - 6 dp0xdAC1…ec7the canonical Tether contractworth 1.00 USDTether USD - USDT - 6 dp0x07d0…f1dca fresh contract, anyone can deployworth 0.00same name + symbol. different address. only one is money.

The scam is the proof, not the trade

You do not lose money by buying a fake USDT - you usually cannot, because it has no liquidity pool and never trades. You lose money off-chain, after being convinced the balance is real. The pattern:

  1. The operator sends you (or shows you a wallet holding) a large “Tether USD” balance.
  2. They give you a reason the funds are real and need to move: an OTC deal, an escrow proof, a “test” payment, a job signing bonus, or a flash-loan or “liquidity bot” demo.
  3. You send something genuinely valuable back - real USDT, ETH, goods, services, or a token approval.
  4. The fake balance was never worth anything. They keep your real value; you keep a worthless token at a fake address.

This is why the family is often called “FlashUSDT”. It is social engineering wearing an on-chain costume.

Why most tools miss it

Scam-detection that triggers on liquidity, trading, or sell-simulation never sees these tokens, because they do not have a pool and never trade. They are invisible to anything that waits for a Uniswap pair. The only moment they are visible is at deployment, in the spoofed metadata itself.

The one check that defeats it

Before you trust any “Tether USD”, “USD Coin”, “Wrapped Ether” or other major-token balance, check the contract address against the canonical one. The real ones, on Ethereum mainnet:

  • USDT: 0xdAC17F958D2ee523a2206206994597C13D831ec7
  • USDC: 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48
  • WETH: 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2
  • DAI: 0x6B175474E89094C44Da98b954EedeAC495271d0F

If the balance in front of you is at any other address, it is not the real asset, no matter what the name says. No legitimate transaction requires you to send value because someone “has USDT” at an address you have never verified.

How RektRadar flags it

We read name() and symbol() the moment a contract deploys and compare them against a canonical-address map of the major tokens. An exact match at a non-canonical address fires the Impersonates a Major Token signal - a high-confidence verdict that needs no liquidity and no trade history, so we catch these the second they hit the chain rather than weeks later when a victim reports them.

Paste any token address into the free rug pull detector at app.rektradar.io to see whether it is the real asset or an impersonator. For the tradeable side of the scam economy, see how honeypots trap your funds and the most common Ethereum scam signals.