Fake USDT and Token Impersonation Scams: How to Verify You Have the Real Contract
Someone sends you "USDT" as payment. Your wallet shows the balance going up. The name is right, the logo is right. You fulfill the order. Then you try to send your USDT somewhere and it fails โ or arrives and is worth nothing. What you received was a fake ERC-20 token with Tether's name and logo, no actual peg, and no value.
The FBI issued a specific warning about this in 2023 as impersonation scams grew over 1,000% year-over-year. Anyone can deploy an ERC-20 token with any name, ticker symbol, and logo in about five minutes. The technology has no built-in gatekeeping for what a token claims to be.
How token impersonation works
Deploying a fake token is straightforward. You write a standard ERC-20 contract, set the name to "Tether USD," the symbol to "USDT," and the decimals to 6 (matching the real thing). You upload Tether's logo. You mint as many tokens as you want. You send them to whoever you want. Cost: under $20 in gas.
The receiving wallet has no way to know this isn't the real USDT. It sees an incoming ERC-20 transaction, reads the self-reported name and symbol, and displays it accordingly. MetaMask, Trust Wallet, Coinbase Wallet โ they all behave the same way. The token shows up looking exactly like real USDT.
The fake token has no value. It's not backed by dollars. It can't be redeemed anywhere. You can try to swap it on Uniswap โ there's no liquidity. The only thing the contract can do is exist in your wallet and mislead you.
The scenarios where this causes real losses
P2P trades and OTC deals. Someone offers to buy your crypto with USDT. They send the USDT first to prove they have it. You see it arrive, verify the amount, and send your side of the deal. The USDT in your wallet is fake. They have your real crypto.
Freelance and service payments. A client pays an invoice in "USDT." You see the transaction, assume it's complete, and deliver the work or goods. You try to use your USDT later and it has no value.
Address poisoning combined with fake tokens. Scammers sometimes send tiny amounts of fake USDT from an address that looks like a legitimate exchange address, poisoning your transaction history with both a fake token and a fake source address at once.
How to verify the real contract address
The only reliable check is comparing the contract address against an authoritative source. The token's name means nothing โ the address is what matters. Official contracts for the most common stablecoins on Ethereum:
- โขUSDT (Tether): 0xdAC17F958D2ee523a2206206994597C13D831ec7
- โขUSDC (Circle): 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48
- โขDAI (MakerDAO): 0x6B175474E89094C44Da98b954EedeAC495271d0F
- โขBUSD (Binance โ deprecated): 0x4Fabb145d64652a948d72533023f6E7A623C7C53
For any other token, look it up on CoinGecko or CoinMarketCap before accepting payment. Both sites list official contract addresses for every chain. If the address on the transaction doesn't match the one listed on CoinGecko, it's fake.
Address poisoning attacks use a similar deception through your wallet history โ read our guide on address poisoning attacks for the related threat. You can also learn how to read a blockchain transaction to verify contract details directly on Etherscan.
Frequently asked questions
How can I find the real USDT contract address?
USDT on Ethereum: 0xdAC17F958D2ee523a2206206994597C13D831ec7. USDC on Ethereum: 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48. For other tokens and other chains, verify against CoinGecko or CoinMarketCap.
Can fake tokens appear in MetaMask automatically?
Yes. MetaMask shows any ERC-20 you receive, including fake ones. The wallet reads the self-reported name, not a verified identifier. You have to check the contract address yourself.
Is there a way to check if a token is verified?
Search the contract address on CoinGecko. If it doesn't appear, or the name doesn't match what you expected, treat it as unverified. Etherscan also shows whether a token is widely traded and listed.
Flag unverified contracts before you sign
GuardianAI checks token contract addresses in every approval and transaction request, flagging unverified or suspicious contracts before you confirm. Free Chrome extension.
Get GuardianAI โ It's Free