Cryptocurrency enthusiasts find themselves increasingly at risk as a sophisticated hacker exploits a technique known as “address poisoning,” resulting in cumulative losses exceeding $5 million over the past four months. The attacker, identified as the same individual responsible for a recent high-profile attack on Florence Finance, has escalated activities against Safe Wallet users. In the last week alone, approximately ten Safe Wallets fell victim to this method, resulting in losses exceeding $2 million and bringing the total count of victims to 21.
Hackers siphon funds from ten Safe Wallet users
Address poisoning is a cyber threat tactic where the perpetrator generates a counterfeit address resembling one that the targeted victim frequently uses. Typically, the fraudulent address shares similar starting and ending characters. The hacker initiates a small cryptocurrency transfer from the fabricated wallet to the victim’s account, effectively “poisoning” their transaction history. Consequently, an unsuspecting victim may unintentionally copy the false address from their transaction history, leading to funds being sent to the hacker’s wallet instead of the intended recipient.
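A defensive check for the pattern just described, as an added example that is not from the original article or from any wallet's code: it classifies a pasted recipient against a saved address book by full-address comparison and flags history entries that match a saved address only at the start and end. The function names, the four-character comparison window and all sample addresses and transactions are assumptions constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def normalize(addr):
    """Lower-case a 0x-prefixed 20-byte hex address; reject anything else."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def is_lookalike(candidate, trusted, n=4):
    """Same first and last n hex characters as a trusted address, but a different address."""
    c, t = normalize(candidate)[2:], normalize(trusted)[2:]
    return c != t and c[:n] == t[:n] and c[-n:] == t[-n:]

def check_recipient(pasted, address_book, n=4):
    """Classify an address before sending: ('known' | 'lookalike' | 'unknown', label)."""
    p = normalize(pasted)
    for label, trusted in address_book.items():
        if p == normalize(trusted):  # compare the full address, never just the ends
            return ("known", label)
    for label, trusted in address_book.items():
        if is_lookalike(p, trusted, n):
            return ("lookalike", label)
    return ("unknown", None)

def flag_history(history, address_book, n=4):
    """Return (entry, imitated_label) for history entries that imitate a saved address."""
    flagged = []
    for tx in history:
        verdict, label = check_recipient(tx["counterparty"], address_book, n)
        if verdict == "lookalike":
            flagged.append((tx, label))
    return flagged

# Constructed sample data (not real addresses or transactions).
TRUSTED = "0x52a9d3e1b7c04f6a8e2d5b9c1f3a7e6d4b80c41f"
LOOKALIKE = "0x52a90b7e93c5d1f26a48e0b37c9d215fa6e4c41f"
OTHER = "0x9f3c27b1e4d80a65c1f73b92d6e0485a1c7fe2b3"
ADDRESS_BOOK = {"exchange deposit": TRUSTED}
HISTORY = [
    {"direction": "out", "counterparty": TRUSTED, "value": 2.5},
    {"direction": "in", "counterparty": LOOKALIKE, "value": 0.00001},  # the "poisoning" transfer
    {"direction": "in", "counterparty": OTHER, "value": 0.3},
]

if __name__ == "__main__":
    for tx, label in flag_history(HISTORY, ADDRESS_BOOK):
        print(f"WARNING: {tx['counterparty']} imitates '{label}'; do not copy it from history")
```

An "unknown" verdict is not an all-clear: it only means the address matches nothing saved, so the full string still has to be verified out of band before funds are sent.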
Data compiled by Scam Sniffer from Dune Analytics reveals that the same hacker has utilized this method to pilfer at least $5 million from 21 victims within the last four months. Notably, one victim held $10 million in cryptocurrency within a Safe Wallet but incurred a loss of $400,000, emphasizing the severity of the threat. The hacker’s tactics extend beyond targeting Safe Wallets, as demonstrated by an attack on November 30 against Florence Finance, resulting in a $1.45 million loss.
Exploiting the vulnerabilities in the crypto space
Blockchain security firm PeckShield shed light on the attacker’s ability to deceive the protocol by utilizing addresses with identical prefixes and suffixes, mirroring the address poisoning methodology observed in other attacks. Address poisoning is compounded by the exploitation of Ethereum’s ‘Create2’ Solidity function, a vulnerability first reported by Scam Sniffer in November. Hackers leverage ‘Create2’ to bypass wallet security alerts, facilitating the theft of approximately $60 million from nearly 100,000 victims over six months.
Create2 pre-calculates contract addresses, enabling malicious actors to generate new addresses that closely resemble those of their victims. Once the victim unknowingly authorizes a forged signature or transfer request, the imposter addresses are deployed, resulting in significant financial losses. Security experts at SlowMist reported that a group has been leveraging the Create2 function since August, stealing nearly $3 million in assets from 11 victims. In one case, a victim suffered losses of up to $1.6 million.
The ongoing exploitation of Create2 underscores the critical need for enhanced security measures within the cryptocurrency space. As the hacker’s proficiency in address poisoning attacks continues to evolve, cryptocurrency users must remain vigilant. Adhering to best practices, such as verifying transaction details and utilizing secure wallets, becomes paramount in mitigating the risk of falling victim to these increasingly sophisticated attacks. Furthermore, collaboration within the cryptocurrency community is imperative for developing and implementing robust security protocols. These measures will help to safeguard users against evolving threats in the dynamic digital asset landscape.