In a sophisticated cyber attack spanning from November 26 to December 3, a skilled hacker specializing in ‘Address Poisoning’ has siphoned off an estimated $2.05 million from nearly 10 users of Safe Wallet, a popular cryptocurrency storage service. This revelation comes from Scam Sniffer, a leading Web3 fraud detection platform, which has been closely monitoring the situation.
A Trail of Financial Havoc
Further examination of data from Dune Analytics by Scam Sniffer sheds light on the broader impact of this cybercriminal’s activities. Over the past four months, it is believed that the same attacker has amassed a total of $5 million, targeting 21 victims. In one notable instance, a user deposited $10 million in cryptocurrency into their secure wallet, only to incur a loss of $400,000 – a narrow escape considering the potential magnitude of the loss.
Understanding Address Poisoning
The method, known as ‘Address Poisoning’, involves the creation of a crypto address that closely resembles the victim’s regular transaction addresses, often matching the beginning and ending characters. The attacker then sends a small amount of cryptocurrency from this newly-created wallet to the target, thereby ‘poisoning’ their transaction history. Victims, failing to notice the subtle differences, may then mistakenly send substantial funds to the hacker’s address instead of the intended recipient.
A High-Profile Case: Florence Finance
A significant incident of address poisoning was reported on November 30, impacting Florence Finance, a protocol for lending against real-world assets. The platform faced a severe loss of $1.45 million in USDC. Blockchain security firm Peck Shield detailed how the attacker used an address with similar starting and ending sequences as the authentic one, fooling the protocol.
The Need for Vigilance and Enhanced Security
This alarming trend in address poisoning attacks highlights a critical need for enhanced security measures within the cryptocurrency space. As authorities and cybersecurity experts work tirelessly to track down and apprehend the perpetrator, it is imperative for users to exercise increased vigilance. Users are advised to double-check transaction details and adopt additional security measures to protect their digital assets.
