A cryptocurrency hacker specializing in “address poisoning attacks” stole more than $2 million from Safe Wallet users last week alone, bringing the total number of victims to 21.
On December 3, Scam Sniffer, a Web3 fraud detection platform, reported that since November 26, approximately 10 Safe Wallets had lost a combined $2.05 million to address poisoning attacks.
The same attackers reportedly stole at least $5 million from approximately 21 victims over the past four months, according to Dune Analytics data compiled by Scam Sniffer.
Scam Sniffer reported that one of the victims had $10 million in cryptocurrency stored in a Safe Wallet, but “luckily” only lost $400,000 of it.
Last week, about 10 secure wallets suffered $2.05 million in losses due to a “poisoning fix” attack.
The same attackers stole $5 million from approximately 21 victims over the past four months.
— Scam Sniffer | Web3 Scam Prevention (@realScamSniffer) December 3, 2023
Address poisoning is when an attacker creates an address that resembles one to which the targeted victim regularly sends funds. Typically, the lookalike address shares the same starting and ending characters as the real one.
Hackers often send small amounts of cryptocurrency to their targets from the newly created wallet to “poison” their transaction history. Unwitting victims can then accidentally copy the lookalike address from their transaction history and send funds to the hacker’s wallet rather than their intended destination.
Cointelegraph has reached out to Safe Wallet for comment on the matter.
A recent high-profile address poisoning attack that appears to have been carried out by the same attacker occurred on November 30, when Florence Finance, a real-world asset lending protocol, suffered a loss of $1.45 million in USDC.
At the time, PeckShield, a blockchain security company, reported the incident, which showed how the attacker was able to deceive the protocol: both the poisoned address and the real address start with “0xB087” and end with “5870”.
#PeckShieldAlert #FlorenceFinance become a victim #address addiction The fraud resulted in a loss of approximately $1.45 million. $USDC.
Intended address: 0xB087cfa70498175a1579104a1E1240Bd947f5870
Phishing address: 0xB087269DE7ba93d0Db2e12ff164D60F0b3675870
— PeckShieldAlert (@PeckShieldAlert) November 30, 2023
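The two addresses PeckShield quotes make a useful test case for a defensive check. The following is an added example, not code from Cointelegraph, Scam Sniffer, PeckShield or Safe: it compares a destination against a trusted address book over its full length and flags any address that matches only on the leading and trailing characters. The function names, the address-book label and the 4-character window are assumptions.

```python
import re

# Address book of destinations the user has verified out of band (label is hypothetical).
TRUSTED = {
    # Intended Florence Finance address as quoted by PeckShield above.
    "florence-intended": "0xB087cfa70498175a1579104a1E1240Bd947f5870",
}

def normalize(addr):
    """Lower-case a 0x-prefixed 20-byte hex address; reject truncated or malformed input."""
    a = addr.strip().lower()
    if not re.fullmatch(r"0x[0-9a-f]{40}", a):
        raise ValueError(f"not a full 20-byte hex address: {addr!r}")
    return a

def check_destination(dest, trusted=TRUSTED, head=4, tail=4):
    """Return ("trusted", label), ("lookalike", label) or ("unknown", None).

    A lookalike shares the first `head` and last `tail` hex characters with a
    trusted address but differs somewhere in between, which a wallet UI that
    shortens addresses to "0xB087...5870" cannot show.
    """
    d = normalize(dest)
    book = {label: normalize(addr) for label, addr in trusted.items()}
    for label, t in book.items():
        if d == t:  # exact, full-length match only
            return ("trusted", label)
    for label, t in book.items():
        if d[2:2 + head] == t[2:2 + head] and d[-tail:] == t[-tail:]:
            return ("lookalike", label)
    return ("unknown", None)

def scan_history(counterparties, trusted=TRUSTED):
    """Return the counterparties in a transaction history that imitate a trusted address."""
    return [c for c in counterparties if check_destination(c, trusted)[0] == "lookalike"]

if __name__ == "__main__":
    # Phishing address as quoted by PeckShield above.
    phishing = "0xB087269DE7ba93d0Db2e12ff164D60F0b3675870"
    # Constructed sample history: the real address, the lookalike, an unrelated address.
    history = [TRUSTED["florence-intended"], phishing, "0x" + "11" * 20]
    print(check_destination(phishing))
    print(scan_history(history))
```
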
Last November, Scam Sniffer reported that hackers were abusing Ethereum’s ‘Create2’ Solidity feature to bypass wallet security warnings. This led to Wallet Drainers stealing approximately $60 million from nearly 100,000 victims over a six-month period. Address poisoning was one of the methods they used to accumulate ill-gotten gains.
Create2 precomputes contract addresses, allowing malicious actors to generate new lookalike wallet addresses, which are then deployed after the victim approves a fake signature or transfer request.
According to SlowMist’s security team, one group has been using Create2 since August to “consistently steal nearly $3 million in assets from 11 victims, with one victim suffering up to $1.6 million in losses.”