Crypto hackers have claimed another major victim, fooling him into sending $68 million to a wallet he thought was somebody elseās.
Blockchain data indicates that a once-wealthy Ethereum user lost all of his Bitcoin holdings after hackers contaminated a recipientās wallet history. The user now holds just $1.6 million in crypto at his address.
According to Etherscan, the sending walletās remaining assets include 0.89 ETH ($2,747) and 1.63 million dollar-pegged DAI stablecoins.
The assets stolen from the victim included 1155 Wrapped Bitcoin (WBTC) ā a token that operates like a stablecoin for Bitcoin on the Ethereum network, mirroring the price of the dominant digital asset. Naturally, WBTC is vulnerable to the many hacks and exploits common in the Ethereum ecosystem, such as address poisoning.
Wallet contamination or āaddress poisoningā involves sending a transaction ā usually of zero or negligible value ā to a victimās wallet, simply so that the attackerās address appears in the victimās transaction history.
Notably, attackers will deliberately generate their address to have several starting and ending characters that match those of an address belonging to the victim. Popular wallet software often shrinks addresses to display only the first and last characters, making the differences in the middle undetectable on the surface.
In this case, both the attackerās address and the real target address had characters starting with 0xd9A1, and ending with 853a91.
Ideally, the attacker hopes they try to copy that address from their history the next time they intend to receive a transaction, under the mistaken belief that itās their address or that of someone they know.
Last year, address poisoners targeted a series of SafeWallet users, stealing $2 million within one week. Back in February, a Kraken user was robbed of 1 million USDT after scammers poisoned their history mimicking the victimās prior interaction with the exchange.
Metamask suggests users avoid copying transactions from their history, and to add frequently used addresses to their address book to avoid using any that arenāt specifically whitelisted.
āThis advice applies to your own address as much as it does the addresses of others to whom you may be sending funds,ā the wallet provider states on its website.
The post Costly Mistake: Victim Loses $68 Million In Address Poisoning Scam appeared first on CryptoPotato.
Blockchain data indicates that a once-wealthy Ethereum user lost all of his Bitcoin holdings after hackers contaminated a recipientās wallet history. The user now holds just $1.6 million in crypto at his address.
The Danger Of Address Poisoning
According to Etherscan, the sending walletās remaining assets include 0.89 ETH ($2,747) and 1.63 million dollar-pegged DAI stablecoins.
The assets stolen from the victim included 1155 Wrapped Bitcoin (WBTC) ā a token that operates like a stablecoin for Bitcoin on the Ethereum network, mirroring the price of the dominant digital asset. Naturally, WBTC is vulnerable to the many hacks and exploits common in the Ethereum ecosystem, such as address poisoning.
Wallet contamination or āaddress poisoningā involves sending a transaction ā usually of zero or negligible value ā to a victimās wallet, simply so that the attackerās address appears in the victimās transaction history.
Notably, attackers will deliberately generate their address to have several starting and ending characters that match those of an address belonging to the victim. Popular wallet software often shrinks addresses to display only the first and last characters, making the differences in the middle undetectable on the surface.
Address Poisoning In Action
In this case, both the attackerās address and the real target address had characters starting with 0xd9A1, and ending with 853a91.
Ideally, the attacker hopes they try to copy that address from their history the next time they intend to receive a transaction, under the mistaken belief that itās their address or that of someone they know.
Last year, address poisoners targeted a series of SafeWallet users, stealing $2 million within one week. Back in February, a Kraken user was robbed of 1 million USDT after scammers poisoned their history mimicking the victimās prior interaction with the exchange.
Metamask suggests users avoid copying transactions from their history, and to add frequently used addresses to their address book to avoid using any that arenāt specifically whitelisted.
āThis advice applies to your own address as much as it does the addresses of others to whom you may be sending funds,ā the wallet provider states on its website.
The post Costly Mistake: Victim Loses $68 Million In Address Poisoning Scam appeared first on CryptoPotato.
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
