Safe Wallet scammer steals $2M through ‘address poisoning’ in one week


A crypto hacker specializing in “address poisoning attacks” managed to steal over $2 million from Safe Wallet users alone last week, with the total number of victims now standing at 21.

On December 3, Web3 scam detection platform Scam Sniffer reported that around ten Safe Wallets have lost $2.05 million to address poisoning attacks since November 26.

According to data from Dune Analytics compiled by Scam Sniffer, the same attacker allegedly stole at least $5 million from around 21 victims in the last four months.

Scam Sniffer reported that one of the victims even had $10 million in cryptocurrency in a secure wallet, but "luckily" only lost $400,000.

Address poisoning occurs when an attacker creates an address similar in appearance to the one to which the targeted victim regularly sends funds, typically using the same leading and trailing characters.

The hacker often sends a small amount of cryptocurrency from the newly created wallet to the target to "poison" their transaction history. An unwitting victim could mistakenly copy the similar address from the transaction history and send funds to the hacker's wallet instead of the intended destination.
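A wallet-side check for the pattern described above, as an added example that is not from the article or from Safe Wallet: it compares an address against a saved address book and flags lookalikes whose leading and trailing characters match a trusted entry. The address book, the sample addresses, the 4-character comparison window and the dust threshold are all constructed assumptions.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Validate a 20-byte hex address and return its lowercase hex body."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def classify(candidate, address_book, head=4, tail=4):
    """Return (verdict, label): 'trusted', 'lookalike' or 'unknown'."""
    cand = normalize(candidate)
    lookalike = None
    for label, known in address_book.items():
        k = normalize(known)
        if cand == k:
            return ("trusted", label)  # exact match on all 40 hex chars
        # Same first and last characters, different middle: the poisoning shape.
        if cand[:head] == k[:head] and cand[-tail:] == k[-tail:]:
            lookalike = label
    return ("lookalike", lookalike) if lookalike else ("unknown", None)

def poisoned_history(transfers, address_book, dust_limit):
    """Inbound transfers of small value whose sender imitates a trusted entry."""
    hits = []
    for tx in transfers:
        verdict, label = classify(tx["from"], address_book)
        if verdict == "lookalike" and tx["value"] <= dust_limit:
            hits.append((tx["from"], label))
    return hits

# Constructed sample data (not real addresses; values in the token's smallest unit).
TRUSTED = "0xAb12" + "3" * 32 + "9f0E"
LOOKALIKE = "0xAb12" + "7" * 32 + "9f0E"  # same ends, different middle
UNRELATED = "0x" + "c" * 40
ADDRESS_BOOK = {"exchange-deposit": TRUSTED}
HISTORY = [
    {"from": LOOKALIKE, "value": 1},          # dust from an imitation address
    {"from": UNRELATED, "value": 5_000_000},  # ordinary inbound payment
    {"from": TRUSTED, "value": 1},            # small, but the sender is the real entry
]

if __name__ == "__main__":
    for addr in (TRUSTED, LOOKALIKE, UNRELATED):
        print(addr, classify(addr, ADDRESS_BOOK))
    print(poisoned_history(HISTORY, ADDRESS_BOOK, dust_limit=1000))
```

A "lookalike" verdict on a destination copied from transaction history is the case to block or require full-address confirmation for, since the visible ends of the address are exactly what the attacker matched.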

Cointelegraph has reached out to Safe Wallet for comment on the matter.

A recent high-profile address poisoning attack apparently carried out by the same attacker occurred on November 30 when real-world asset lending protocol Florence Finance lost $1.45 million in USDC.

At the time, blockchain security company PeckShield, which reported the incident, showed how the attacker may have been able to fool the protocol, with the real and poisoned addresses both starting with "0xB087" and ending with "5870."

In November, a scam tracker reported that hackers have been abusing Ethereum's Solidity 'Create2' feature to bypass wallet security alerts. This has led wallet drainers to steal around $60 million from nearly 100,000 victims over six months, it said. Address poisoning has been one of the methods they used to accumulate their ill-gotten gains.


Create2 precomputes contract addresses, allowing malicious actors to generate new, similar wallet addresses that are then deployed after the victim authorizes a fake signature or transfer request.

According to SlowMist's security team, a group has been using Create2 since August to "continuously steal nearly $3 million in assets from 11 victims, with one victim losing up to $1.6 million."
