Crypto Hacker Steals $5 Million in 4 Months Using Address Poisoning Attacks
Summary:
A cybercriminal has been using "address poisoning attacks" to repeatedly steal from Safe Wallet users, with losses reaching over $2 million in just one week. The overall impact over the past four months is estimated to be around $5 million. "Address poisoning" involves a hacker generating a deceptive, similar-looking address, leading victims to mistakenly send funds to the wrong wallet. One high-profile attack resulted in Florence Finance losing $1.45 million. Furthermore, hackers have manipulated Ethereum's 'Create2' Solidity function, leading to widespread theft totaling $60 million over six months.
In the past week alone, a cybercriminal known for executing "address poisoning attacks" has purloined $2 million from users of the Safe Wallet. Web3 scam identification software Scam Sniffer declared on Dec. 3 that approximately ten Safe Wallets had lost $2.05 million to such attacks since Nov. 26. Compiled data suggests that this same perpetrator has swindled an estimated $5 million from a total of 21 victims in the past four months. Astonishingly, one of the victims held $10 million in their Safe Wallet, but "fortunately" was only defrauded of $400,000.
In an address poisoning attack, the hacker creates an address that is visually similar to one the victim regularly transacts with, matching its start and end characters. The perpetrator typically sends a small deposit of cryptocurrency from the newly formed wallet to the victim to “poison” the victim's transaction history. The victim may then accidentally copy the deceptive address from their transaction history and send funds to the hacker's wallet. Cointelegraph has contacted Safe Wallet for a statement.
Another major address poisoning case, believed to be carried out by the same hacker, took place on Nov. 30, when a physical asset lending protocol called Florence Finance was defrauded of $1.45 million in USDC. The incident, reported by blockchain security firm PeckShield, showed both the tampered and original addresses starting with “0xB087” and concluding with “5870.”
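The check below is an added example, not code from the article or from any of the projects it names: it flags an address that shares its first and last hex digits with a saved contact but differs in the middle, both when choosing a recipient and when reviewing incoming transfers. The address book, the transaction history and the middle digits of the sample addresses are constructed; only the "0xB087" and "5870" ends come from the PeckShield report.

```python
import re

# Constructed sample data: only the "0xB087"/"5870" ends come from the report
# above; the middle digits are made up and these are not real wallets.
KNOWN = "0xB087" + "1a2b3c4d5e6f708192a3b4c5d6e7f809" + "5870"
POISON = "0xB087" + "ffeeddccbbaa99887766554433221100" + "5870"
UNRELATED = "0x" + "12" * 20
BOOK = {"treasury": KNOWN}                      # hypothetical address book
HISTORY = [("tx1", KNOWN), ("tx2", POISON), ("tx3", UNRELATED)]  # (id, sender)

ADDR_RE = re.compile(r"0x[0-9a-f]{40}")

def normalize(addr):
    """Lower-case a 20-byte hex address, rejecting anything malformed."""
    a = addr.strip().lower()
    if not ADDR_RE.fullmatch(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def check_recipient(candidate, book, ends=4):
    """Classify candidate as trusted, lookalike of a contact, or unknown."""
    cand = normalize(candidate)
    hit = None
    for label, known in book.items():
        k = normalize(known)
        if cand == k:
            return ("trusted", label)           # exact match on all 40 digits
        # Same first/last `ends` hex digits but a different middle: the
        # pattern that still looks right when only the ends are compared.
        if cand[2:2 + ends] == k[2:2 + ends] and cand[-ends:] == k[-ends:]:
            hit = label
    return ("lookalike", hit) if hit else ("unknown", None)

def scan_history(history, book):
    """Return (tx_id, sender, contact) for senders imitating a contact."""
    flagged = []
    for tx_id, sender in history:
        verdict, label = check_recipient(sender, book)
        if verdict == "lookalike":
            flagged.append((tx_id, normalize(sender), label))
    return flagged

if __name__ == "__main__":
    for row in scan_history(HISTORY, BOOK):
        print("possible poisoning:", row)
```

A "lookalike" verdict should block the transfer until the full 40-digit address has been compared against the saved contact.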
In related news, Scam Sniffer noted in November that cybercriminals had been exploiting Ethereum's 'Create2' Solidity function to bypass wallet security notifications, leading to Wallet Drainers pilfering around $60 million from nearly 100,000 victims in a six-month timeframe, with address poisoning among their tactics. Create2 allows culprits to pre-calculate contract addresses, facilitating the creation of similar wallet addresses that are deployed after the victim agrees to a fraudulent signature or transfer request. According to SlowMist's security group, this function has been exploited since August to unlawfully amass nearly $3 million in assets from 11 victims, with one victim incurring a loss of up to $1.6 million.
Published At
12/4/2023 5:06:17 AM