A Crypto Hacker Steals Over $2 Million from Safe Wallet Users
A crypto hacker specializing in “address poisoning attacks” has successfully stolen more than $2 million from Safe Wallet users in the past week, bringing the total number of victims to 21. The attacks, which involve creating similar-looking addresses to deceive victims, have been ongoing since November 26. According to data compiled by Scam Sniffer, the same attacker has stolen approximately $5 million from 21 victims over the past four months. One victim reportedly lost $400,000 out of their $10 million crypto holdings.
How Address Poisoning Attacks Work
In an address poisoning attack, an attacker creates a fake address that closely resembles the legitimate one used by the victim. They then send a small amount of cryptocurrency from the fake address to “poison” the victim’s transaction history. If the victim mistakenly copies the fake address from their transaction history, they may unknowingly send funds to the hacker’s wallet instead of their intended destination.
Recent High-Profile Attack on Florence Finance
In a recent high-profile attack on Florence Finance, a real-world asset lending protocol, the attacker managed to steal $1.45 million in USDC. The attack was carried out using address poisoning, with both the fake and real addresses starting with “0xB087” and ending with “5870.” Blockchain security firm PeckShield reported the incident and highlighted how the attacker tricked the protocol.
Abuse of Ethereum’s ‘Create2’ Function
In November, Scam Sniffer reported that hackers have been abusing Ethereum’s ‘Create2’ Solidity function to bypass wallet security alerts. This method has allowed them to steal around $60 million from nearly 100,000 victims over six months. Address poisoning has been one of the tactics used by these hackers to accumulate their stolen funds.
Using Create2 to Steal Millions
A group of hackers has been using the Create2 function since August to continuously steal nearly $3 million from 11 victims. One victim alone lost up to $1.6 million. Create2 allows malicious actors to pre-calculate contract addresses and generate new, similar wallet addresses after receiving authorization from victims through bogus signature or transfer requests.
Hot Take: Protecting Yourself from Address Poisoning Attacks
Address poisoning attacks are a serious threat in the crypto world, and it’s essential to take steps to protect yourself. Always double-check the addresses you are sending funds to, especially if they look similar to previous transactions. Be cautious of any unexpected or unsolicited requests for funds. Consider using security platforms and tools that can help detect and prevent address poisoning attacks. Stay informed about the latest security vulnerabilities and best practices in the crypto space to safeguard your assets.
By
By
By
By
By