Crypto Hacker Executes $2 Million Heist through Address Poisoning Attacks

Over the course of a week, approximately ten Safe Wallets fell victim to address poisoning attacks, resulting in losses totaling $2.05 million since November 26.

In the past week, a crypto hacker specializing in “address poisoning attacks” has orchestrated thefts exceeding $2 million from Safe Wallet users alone, bringing the total number of victims to 21.

This alarming revelation was disclosed by the Web3 scam detection platform, Scam Sniffer, on December 3.

Scam Sniffer has compiled data from Dune Analytics, revealing that this same attacker has pilfered a substantial sum of at least $5 million from approximately 21 victims over the past four months.

Astonishingly, one victim had a whopping $10 million in cryptocurrency stored within a Safe Wallet, though they were “fortunate” to have only lost $400,000 of it.

Address poisoning attacks involve the creation of a deceptively similar-looking address to one where a targeted victim frequently sends funds.

Typically, this involves replicating the initial and concluding characters of the legitimate address.

The hacker then sends a small amount of cryptocurrency from the newly-created wallet to the intended victim to “poison” their transaction history.

Consequently, an unsuspecting victim may inadvertently copy the fraudulent address from their transaction history and transfer funds to the hacker’s wallet instead of the intended destination.
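A defensive check for the pattern described above, as an added example that is not part of the original article: it flags incoming transfers whose sender copies the first and last characters of an address the wallet already trusts, and classifies a destination before funds are sent. The four-character thresholds, the field names and every address are assumptions constructed for illustration.

```python
# Added example: flag look-alike addresses in a wallet's transfer history.
# All addresses and transfers below are constructed sample data.

PREFIX_LEN = 4  # leading hex characters compared (assumed threshold)
SUFFIX_LEN = 4  # trailing hex characters compared (assumed threshold)


def normalize(addr):
    """Lower-case and drop '0x' so mixed-case checksums do not hide a match."""
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr


def imitates(candidate, trusted):
    """True if candidate copies trusted's first and last characters but differs."""
    c, t = normalize(candidate), normalize(trusted)
    if len(c) != 40 or len(t) != 40 or c == t:
        return False
    return c[:PREFIX_LEN] == t[:PREFIX_LEN] and c[-SUFFIX_LEN:] == t[-SUFFIX_LEN:]


def find_poison_transfers(history, trusted):
    """Return (tx_id, imitated_address) for incoming transfers from look-alikes."""
    return [(tx["id"], t) for tx in history if tx["direction"] == "in"
            for t in trusted if imitates(tx["from"], t)]


def check_recipient(dest, trusted):
    """Classify a destination before sending: 'trusted', 'lookalike' or 'unknown'."""
    if any(normalize(dest) == normalize(t) for t in trusted):
        return "trusted"
    if any(imitates(dest, t) for t in trusted):
        return "lookalike"
    return "unknown"


GENUINE = "0xAb12" + "c3" * 16 + "9fE0"   # address the user regularly pays
POISON = "0xab12" + "00" * 16 + "9fe0"    # same first/last 4 chars, different middle
OTHER = "0x" + "11" * 20                  # unrelated sender

HISTORY = [
    {"id": "tx1", "direction": "out", "from": "self", "to": GENUINE},
    {"id": "tx2", "direction": "in", "from": POISON, "to": "self"},
    {"id": "tx3", "direction": "in", "from": OTHER, "to": "self"},
]

if __name__ == "__main__":
    print(find_poison_transfers(HISTORY, [GENUINE]))
    print(check_recipient(POISON, [GENUINE]))
```

The check compares the full address against a saved list of known recipients, so a match on only the visible start and end of an address is treated as a warning sign.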

Cointelegraph has reached out to Safe Wallet for comments on this concerning matter.

This attacker executed a high-profile address poisoning attack on November 30, resulting in a loss of $1.45 million in USDC for the real-world asset lending protocol, Florence Finance.

It is worth noting that blockchain security firm PeckShield, which reported the incident, demonstrated how the attacker potentially deceived the protocol by having both the poison and genuine addresses commence with “0xB087” and conclude with “5870.”

In November, Scam Sniffer revealed that hackers had been exploiting Ethereum’s ‘Create2’ Solidity function to circumvent wallet security alerts.

This tactic led to Wallet Drainers illegally acquiring around $60 million from nearly 100,000 victims over a six-month period.

Address poisoning emerged as one of the techniques employed by these malicious actors to amass their ill-gotten gains.

The ‘Create2’ function pre-calculates contract addresses, allowing malevolent actors to generate new, indistinguishable wallet addresses.

These addresses are subsequently deployed after the victim approves a fraudulent signature or transfer request.

SlowMist’s security team has reported that a group has been using ‘Create2’ since August to systematically siphon nearly $3 million in assets from 11 victims, with one unfortunate victim losing as much as $1.6 million.

The crypto community remains on high alert as these address poisoning attacks continue to pose a significant threat.

No information published in Crypto Intelligence News constitutes financial advice; crypto investments are high-risk and speculative in nature.