A cryptocurrency hacker who specializes in “address poisoning attacks” managed to steal more than $2 million from Safe Wallet users alone last week, with the total number of victims now standing at 21.
On December 3, Web3 scam detection platform Scam Sniffer reported that about ten Safe wallets had lost $2.05 million to address poisoning attacks since November 26.
According to Dune Analytics data compiled by Scam Sniffer, the same attacker has reportedly stolen at least $5 million from about 21 victims in the past four months.
Scam Sniffer reported that one victim held $10 million worth of cryptocurrency in a Safe wallet, but “fortunately” lost only $400,000 of it.
About 10 Safe wallets lost $2.05 million due to “poisoning” attacks last week.
The same attacker has stolen $5 million from about 21 victims in the past four months so far. pic.twitter.com/fu4kxaI3py
— Scam Sniffer | Anti-fraud on Web 3 (@realScamSniffer) December 3, 2023
Address poisoning occurs when an attacker creates an address similar to one to which the targeted victim regularly sends money – usually using the same beginning and ending characters.
The hacker will often send a small amount of cryptocurrency from the newly created wallet to the target to “poison” their transaction history. The unsuspecting victim could then accidentally copy the lookalike address from the transaction history and send the funds to the hacker’s wallet instead of the intended destination.
Cointelegraph has reached out to Safe Wallet for comment on this matter.
A recent high-profile address poisoning attack, apparently by the same attacker, occurred on November 30, when real asset lending protocol Florence Finance lost $1.45 million in USDC.
At the time, blockchain security company PeckShield, which reported the incident, showed how the attacker was able to spoof the protocol, with both the poison address and the real address beginning with “0xB087” and ending with “5870.”
#PeckShieldAlert #FlorenceFinance fell victim to an address poisoning scam, resulting in a loss of ~$1.45 million USDC.
Destination address: 0xB087cfa70498175a1579104a1E1240Bd947f5870
Phishing address: 0xB087269DE7ba93d0Db2e12ff164D60F0b3675870 pic.twitter.com/x1BJ77lhFv
— PeckShieldAlert (@PeckShieldAlert) November 30, 2023
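The prefix-and-suffix trick described above can be caught by a simple pre-send check in wallet or treasury tooling. The following is an added example, not code from this article, Scam Sniffer or PeckShield; the function names, the four-character comparison window (taken from the reported case) and the sample history are assumptions made for illustration.

```python
# Added example: flag lookalike ("poisoned") addresses before a transfer.
HEX = set("0123456789abcdef")

def norm(addr):
    """Return the 40-char lower-case hex body of an address, or raise ValueError."""
    body = addr.strip().lower()
    body = body[2:] if body.startswith("0x") else body
    if len(body) != 40 or not set(body) <= HEX:
        raise ValueError("not a 20-byte hex address: %r" % addr)
    return body

def imitates(candidate, trusted, prefix=4, suffix=4):
    """True if candidate differs from trusted but shares its first/last hex chars."""
    c, t = norm(candidate), norm(trusted)
    return c != t and c[:prefix] == t[:prefix] and c[-suffix:] == t[-suffix:]

def classify(candidate, address_book):
    """Return ('trusted' | 'lookalike' | 'unknown', matching entry or None)."""
    for entry in address_book:
        if norm(candidate) == norm(entry):  # exact match, ignoring letter case
            return "trusted", entry
    for entry in address_book:
        if imitates(candidate, entry):
            return "lookalike", entry
    return "unknown", None

def poisoned_senders(history, address_book):
    """Senders in a transfer history that imitate an address-book entry."""
    return sorted({tx["from"] for tx in history
                   if classify(tx["from"], address_book)[0] == "lookalike"})

# The two addresses quoted in the PeckShield alert on this page.
INTENDED = "0xB087cfa70498175a1579104a1E1240Bd947f5870"
LOOKALIKE = "0xB087269DE7ba93d0Db2e12ff164D60F0b3675870"

# Constructed sample history (amounts and the second sender are made up).
HISTORY = [
    {"from": LOOKALIKE, "amount": 0.0001},
    {"from": "0x" + "11" * 20, "amount": 25.0},
]

if __name__ == "__main__":
    print(classify(LOOKALIKE, [INTENDED]))
    print(poisoned_senders(HISTORY, [INTENDED]))
```

A "lookalike" verdict is a reason to block the copy-from-history path and require the full address to be confirmed against the address book.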
In November, Scam Sniffer reported that hackers were abusing Ethereum’s “Create2” Solidity function to bypass wallet security alerts. This led to “wallet drainers” stealing about $60 million from about 100,000 victims over the course of six months. Address poisoning was one of the methods they used to accumulate their ill-gotten gains.
Create2 pre-calculates contract addresses, enabling malicious actors to generate new, similar wallet addresses, which are then deployed after the victim authorizes a false signature or transfer request.
According to SlowMist’s security team, one group had been using Create2 since August to “continuously steal approximately $3 million in assets from 11 victims, with one victim losing up to $1.6 million.”