Tether, the company behind the USDT stablecoin, has assisted the U.S. Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) with a large asset seizure stolen from a customer support fraud scam.

In a press release on Friday, the DOJ said the U.S. Attorney’s Office in Chicago had seized $1.4 million worth of USDT from an unhosted virtual currency wallet, acknowledging Tether’s assistance in the transfer of funds. 

“The funds will be returned to the victims of the fraud. Tether’s voluntary support of the DOJ and FBI marks another significant effort in its fight against the use of cryptocurrency in the commission of financial fraud,” said Tether in a blog post on Tuesday.

The fraud scheme was initiated through a computer popup, according to the DOJ, which directed the victims to contact Microsoft or Apple support through a fraudulent telephone number. The victims then established contact with the scammers, posing as tech support employees, who convinced them to convert their fiat currency into crypto to keep it safe from hackers, under the ruse that their bank accounts had been compromised.

“The funds were then transferred into unhosted virtual currency wallets controlled by the perpetrators.  The scheme has impacted victims, mostly elderly, throughout the United States,” said the DOJ.

The stolen funds appear to have been traced to five wallets listed in a Feb. 25 affidavit calling for a warrant to seize the funds. The FBI said it traced funds back on the blockchain from a victim based in Illinois to identify the source of funds, and was able to pinpoint certain intermediary addresses that received funds from Crypto.com.

The FBI then obtained the user’s account information from Crypto.com through a legal process, and was able to interview the victim in question. 

In February alone, $47 million worth of crypto was stolen through phishing scams from around 57,000 victims, according to a report from Web3 security firm Scam Sniffer.

“Most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts,” said the firm.