Safe wallet users lost $2 million to scammers in one week

In this post:

  • Safe wallet users have lost about $2 million to scammers over the last week.
  • Attackers are also using Ethereum’s ‘Create2’ to bypass wallet security alerts.

Cryptocurrency enthusiasts find themselves increasingly at risk as a sophisticated hacker exploits a technique known as “address poisoning,” resulting in cumulative losses exceeding $5 million over the past four months. The attacker, identified as the same individual responsible for a recent high-profile attack on Florence Finance, has escalated activities against Safe Wallet users. In the last week alone, approximately ten Safe Wallets fell victim to this method, resulting in losses exceeding $2 million and bringing the total count of victims to 21.

Hackers siphon funds from ten Safe Wallet users

Address poisoning is a cyber threat tactic where the perpetrator generates a counterfeit address resembling one that the targeted victim frequently uses. Typically, the fraudulent address shares similar starting and ending characters. The hacker initiates a small cryptocurrency transfer from the fabricated wallet to the victim’s account, effectively “poisoning” their transaction history. Consequently, an unsuspecting victim may unintentionally copy the false address from their transaction history, leading to funds being sent to the hacker’s wallet instead of the intended recipient.
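The lookalike check implied by the description above, as an added example that is not part of the original article: it compares each sender in a wallet's incoming-transfer history against the addresses the user actually deals with and flags any that share leading and trailing characters without being an exact match. The addresses, the `value_wei` field and the 4-character thresholds are constructed assumptions.

```python
# Added example: flag possible address-poisoning entries in a transfer history.
# Every address below is a constructed sample value, not a real account.
HEX = set("0123456789abcdef")

def normalize(addr):
    """Lower-case a 0x-prefixed 20-byte hex address; reject anything else."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def matching_edges(a, b):
    """Count identical leading and trailing hex characters of two addresses."""
    x, y = normalize(a)[2:], normalize(b)[2:]
    prefix = next((i for i in range(40) if x[i] != y[i]), 40)
    suffix = next((i for i in range(40) if x[-1 - i] != y[-1 - i]), 40)
    return prefix, suffix

def impersonated(candidate, trusted, min_prefix=4, min_suffix=4):
    """Return the trusted address that `candidate` imitates, or None."""
    known = [normalize(k) for k in trusted]
    if normalize(candidate) in known:
        return None  # exact match: a genuine counterparty, not a lookalike
    for k in known:
        prefix, suffix = matching_edges(candidate, k)
        if prefix >= min_prefix and suffix >= min_suffix:  # assumed thresholds
            return k
    return None

def scan_history(transfers, trusted):
    """Return (sender, imitated_address) for each suspicious incoming transfer."""
    hits = []
    for t in transfers:
        target = impersonated(t["from"], trusted)
        if target:
            hits.append((normalize(t["from"]), target))
    return hits

TRUSTED = ["0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d"]
LOOKALIKE = "0x1A2B3C" + "ffeeddccbbaa998877665544332211" + "3C4D"
HISTORY = [  # constructed incoming transfers
    {"from": TRUSTED[0], "value_wei": 5 * 10**17},
    {"from": LOOKALIKE, "value_wei": 1},           # tiny "poisoning" transfer
    {"from": "0x" + "9" * 40, "value_wei": 10**18},
]

if __name__ == "__main__":
    for sender, target in scan_history(HISTORY, TRUSTED):
        print(f"WARNING: {sender} imitates {target}; compare the full address")
```

The comparison is case-insensitive, so mixed-case renderings of the same address are treated as identical rather than as lookalikes.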

Data compiled by Scam Sniffer from Dune Analytics reveals that the same hacker has utilized this method to pilfer at least $5 million from 21 victims within the last four months. Notably, one victim held $10 million in cryptocurrency within a Safe Wallet but incurred a loss of $400,000, emphasizing the severity of the threat. The hacker’s tactics extend beyond targeting Safe Wallets, as demonstrated by an attack on November 30 against Florence Finance, resulting in a $1.45 million loss.

Exploiting the vulnerabilities in the crypto space

Blockchain security firm PeckShield shed light on the attacker’s ability to deceive the protocol by utilizing addresses with identical prefixes and suffixes, mirroring the address poisoning methodology observed in other attacks. Address poisoning is compounded by the abuse of Ethereum’s ‘Create2’ opcode, an issue first reported by Scam Sniffer in November. Hackers leverage ‘Create2’ to bypass wallet security alerts, which has facilitated the theft of approximately $60 million from nearly 100,000 victims over six months.

Create2 allows a contract’s address to be calculated before the contract is deployed, enabling malicious actors to generate new addresses that closely resemble those of their victims. Once the victim unknowingly authorizes a forged signature or transfer request, the imposter addresses are deployed, resulting in significant financial losses. Security experts at SlowMist reported that a group has been leveraging the Create2 function since August, stealing nearly $3 million in assets from 11 victims. In one case, a victim suffered losses of up to $1.6 million.

The ongoing exploitation of Create2 underscores the critical need for enhanced security measures within the cryptocurrency space. As the hacker’s proficiency in address poisoning attacks continues to evolve, cryptocurrency users must remain vigilant. Adhering to best practices, such as verifying transaction details and utilizing secure wallets, becomes paramount in mitigating the risk of falling victim to these increasingly sophisticated attacks. Furthermore, collaboration within the cryptocurrency community is imperative for developing and implementing robust security protocols. These measures will help to safeguard users against evolving threats in the dynamic digital asset landscape.
