Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Costly Mistake: Victim Loses $68 Million In Address Poisoning Scam

Costly Mistake: Victim Loses $68 Million In Address Poisoning Scam

CryptopotatoCryptopotato2024/05/03 19:28
By:Andrew ThrouvalasMore posts by this author

Someone just lost over one thousand Wrapped Bitcoin (WBTC) by copying and pasting the wrong address for a crypto transaction.

Crypto hackers have claimed another major victim, fooling him into sending $68 million to a wallet he thought was somebody else’s.

Blockchain data indicates that a once-wealthy Ethereum user lost all of his Bitcoin holdings after hackers contaminated a recipient’s wallet history. The user now holds just $1.6 million in crypto at his address.

The Danger Of Address Poisoning

According to Etherscan, the sending wallet’s remaining assets include 0.89 ETH ($2,747) and 1.63 million dollar-pegged DAI stablecoins.

The assets stolen from the victim included 1155 Wrapped Bitcoin (WBTC) – a token that operates like a stablecoin for Bitcoin on the Ethereum network, mirroring the price of the dominant digital asset. Naturally, WBTC is vulnerable to the many hacks and exploits common in the Ethereum ecosystem, such as address poisoning.

Wallet contamination or “address poisoning” involves sending a transaction – usually of zero or negligible value – to a victim’s wallet, simply so that the attacker’s address appears in the victim’s transaction history.

Notably, attackers will deliberately generate their address to have several starting and ending characters that match those of an address belonging to the victim. Popular wallet software often shrinks addresses to display only the first and last characters, making the differences in the middle undetectable on the surface.

Address Poisoning In Action

In this case, both the attacker’s address and the real target address had characters starting with 0xd9A1, and ending with 853a91.

Ideally, the attacker hopes they try to copy that address from their history the next time they intend to receive a transaction, under the mistaken belief that it’s their address or that of someone they know.

Last year, address poisoners targeted a series of SafeWallet users, stealing $2 million within one week. Back in February, a Kraken user was robbed of 1 million USDT after scammers poisoned their history mimicking the victim’s prior interaction with the exchange.

Metamask suggests users avoid copying transactions from their history, and to add frequently used addresses to their address book to avoid using any that aren’t specifically whitelisted.

“This advice applies to your own address as much as it does the addresses of others to whom you may be sending funds,” the wallet provider states on its website.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!