Safe Wallet Scammer Steals $2M In One Week With ‘Address Poisoning’
A crypto hacker specializing in “address poisoning attacks” stole over $2 million from Safe Wallet users last week alone, bringing the total number of victims to 21.
On December 3, Web3 scam detection platform Scam Sniffer reported that since November 26, nearly ten Safe Wallets have lost $2.05 million to address poisoning attacks.
According to Dune Analytics data compiled by Scam Sniffer, the same attacker reportedly stole at least $5 million from 21 victims in the past four months.
Scam Sniffer even reported that one of the victims had $10 million in crypto in his Safe Wallet, but “luckily” only lost $400,000 of that.
~10 Safe Wallets lost $2.05 million in an “address poisoning” attack last week.
The same attacker stole $5 million from ~21 victims in the last four months.
– Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 3, 2023
An address poisoning attack occurs when an attacker creates an address that looks similar to one the targeted victim regularly sends money to, often using the same first and last characters.
The hacker usually sends a small amount of crypto from the newly created wallet to the target to “poison” their transaction history. An unsuspecting victim can then mistakenly copy the look-alike address from the transaction history and send money to the hacker's wallet instead of the intended destination.
Cointelegraph has reached out to Safe Wallet for comment on the matter.
A high-profile address poisoning attack that appears to have been carried out by the same attacker cost real-world asset lending protocol Florence Finance $1.45 million in USDC on November 30.
At the time, blockchain security firm PeckShield, which reported the incident, showed how the attacker was able to deceive the protocol: both the poison address and the real address start with “0xB087” and end with “5870”.
#PeckShieldAlert #Florence Finance has fallen victim to an #addresspoisoning scam, resulting in the loss of ~$1.45M $USDC.
Target address: 0xB087cfa70498175a1579104a1E1240Bd947f5870
Phishing address: 0xB087269DE7ba93d0Db2e12ff164D60F0b3675870
— PeckShieldAlert (@PeckShieldAlert) November 30, 2023
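The pattern described above can be checked mechanically. The following is an added example, not code from Scam Sniffer, PeckShield or Safe: it flags inbound transfers whose sender shares the displayed first and last four hex characters with an address the wallet has actually paid. The wallet address `ME`, the transfer values and the function names are assumptions made for illustration; the two 0xB087...5870 addresses are the pair quoted in the alert.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Validate a 20-byte hex address and return its lowercase hex body."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def lookalike_of(candidate, trusted, prefix_len=4, suffix_len=4):
    """Return the trusted address that candidate imitates, or None.

    An imitation shares the first/last characters a truncated wallet
    display shows (e.g. 0xB087...5870) but differs somewhere in between.
    """
    c = normalize(candidate)
    for t in trusted:
        n = normalize(t)
        if c != n and c[:prefix_len] == n[:prefix_len] and c[-suffix_len:] == n[-suffix_len:]:
            return t
    return None

def find_poisoning(history, me):
    """Flag inbound transfers whose sender imitates an address `me` has paid.

    history: list of dicts with 'from', 'to', 'value' keys, oldest first.
    """
    paid, alerts = [], []
    for tx in history:
        if normalize(tx["from"]) == normalize(me):
            paid.append(tx["to"])  # a recipient the user really pays
        elif normalize(tx["to"]) == normalize(me):
            target = lookalike_of(tx["from"], paid)
            if target:
                alerts.append({"poison": tx["from"], "imitates": target, "value": tx["value"]})
    return alerts

# Constructed history: ME and all values are made up for this example.
ME = "0x" + "11" * 20
REAL = "0xB087cfa70498175a1579104a1E1240Bd947f5870"
POISON = "0xB087269DE7ba93d0Db2e12ff164D60F0b3675870"
HISTORY = [
    {"from": ME, "to": REAL, "value": 5000.0},
    {"from": POISON, "to": ME, "value": 0.0001},          # dust that plants the look-alike
    {"from": "0x" + "ab" * 20, "to": ME, "value": 12.0},  # unrelated sender
]

if __name__ == "__main__":
    for alert in find_poisoning(HISTORY, ME):
        print(alert)
```

The same `lookalike_of` call can run on a destination address just before a send, so that a recipient copied from transaction history is compared in full against the address book rather than by its visible ends.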
In November, Scam Sniffer reported that hackers were abusing Ethereum's “Create2” Solidity function to bypass wallet security alerts. This led to Wallet Drainers stealing nearly $60 million from 100,000 victims in six months, it said. Address poisoning has been one of the methods they used to accumulate their ill-gotten gains.
Create2 pre-calculates contract addresses, allowing malicious actors to generate new look-alike wallet addresses that are then deployed after the victim authorizes a fake signature or transfer request.
According to the security team at SlowMist, one group has been using Create2 since August to “consistently steal nearly $3 million in assets from 11 victims, with one victim suffering losses of up to $1.6 million.”