New Address Poisoning Attacks: A Growing Threat in Cryptocurrency
Cryptocurrency Scams: How Hackers Drain Millions
Cryptocurrency enthusiasts and investors have recently fallen prey to a rising threat in the digital asset realm: address poisoning attacks. These malicious tactics have resulted in substantial financial losses, with hackers making off with millions. In the past week alone, an evil actor executed a brazen assault on Safe Wallet users, stealing over $2 million. This incident has raised the total number of victims to a staggering 21.
about ~10 Safe wallets have lost $2.05 million to "address poisoning" attacks in the past week.
the same attacker has stolen $5 million from ~21 victims in the past four months so far. pic.twitter.com/fu4kxaI3py
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 3, 2023
Address Poisoning Unveiled
Address poisoning, a cunning stratagem employed by cybercriminals, involves the creation of deceptive addresses that closely resemble legitimate ones, particularly in their initial and terminal characters. The attacker then embarks on a campaign to “poison” the victim’s transaction history by regularly sending small amounts of cryptocurrency to the fabricated address. The goal is to trick the unsuspecting victim into copying the fraudulent address from their transaction history and inadvertently sending funds to the hacker’s wallet instead of the intended destination.
This deceptive ploy has recently wreaked havoc in the cryptocurrency ecosystem. Scam Sniffer, a Web3 scam detection platform, reported that around ten Safe Wallets succumbed to address poisoning attacks, resulting in a collective loss of $2.05 million since November 26th. Astonishingly, this same assailant is alleged to have siphoned off a substantial $5 million from approximately 21 victims over four months.
The Florence Finance Saga
Address poisoning attacks have not spared prominent platforms, as the Florence Finance incident exemplified. In this high-profile case, a lousy actor managed to abscond with $1.45 million in assets from the protocol. The attacker employed a contaminated address generated by the ‘create2’ function before converting it to DAI, thereby preventing asset freeze. It’s worth noting that a similar transaction involving ‘create3’ was previously reported by SlowMist, resulting in losses of $1.66 million.
The modus operandi of these attacks becomes apparent when examining the transaction history UI, where the last four digits of the wallet addresses are eerily similar, ultimately leading victims to fall into the trap unwittingly. Interestingly, one fortunate user with a wallet holding a total of $10 million in assets only lost $400,000 due to address poisoning, highlighting the erratic nature of these attacks.
another Safe Wallet lost $31k to "address poisoning" attack about 6 hours ago.
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 4, 2023
Guarding Against Cryptocurrency Scams
The surge in cryptocurrency scams in recent years has led to substantial financial losses, eroded investor confidence, and intensified regulatory scrutiny. While hackers employ an array of tactics to drain virtual asset platforms, there are measures that both platforms and users can take to mitigate the risks.
Platforms can play a pivotal role by implementing robust monitoring mechanisms and additional security checks. One effective strategy is to send a reminder to users each time a transfer is made to a new wallet, helping to raise awareness of potential threats.
On the user’s end, it is imperative to exercise caution and refrain from solely relying on transaction history. Cross-validation through multiple sources should be standard practice to ensure the legitimacy of transactions.
In a digital landscape where cyber threats loom large, vigilance and proactive measures are essential to safeguard one’s cryptocurrency holdings. Addressing poisoning attacks serves as a stark reminder that security is paramount in the world of cryptocurrency.
