Safe Wallet scammer steals $2M through ‘address poisoning’ in one week

Safe Wallet scammer steals $2M through 'address poisoning' in one week



A crypto hacker specializing in “address poisoning attacks” has managed to steal over $2 million from Safe Wallet users alone in the past week, with its total victim count now reaching 21. 

On Dec. 3, Web3 scam detection platform Scam Sniffer reported that around ten Safe Wallets lost $2.05 million to address poisoning attacks since Nov. 26.

According to Dune Analytics data compiled by Scam Sniffer, the same attacker has reportedly stolen at least $5 million from around 21 victims in the past four months.

Scam Sniffer, reported that one of the victims even held $10 million in crypto in a Safe Wallet, but “luckily” only lost $400,000 of it. 

okex

Address poisoning is when an attacker creates a similar-looking address to the one a targeted victim regularly sends funds to — usually using the same beginning and ending characters.

The hacker often sends a small amount of crypto from the newly-created wallet to the target to “poison” their transaction history. An unwitting victim could then mistakingly copy the look-alike address from transaction history and send funds to the hacker’s wallet instead of the intended destination.

Cointelegraph has reached out to Safe Wallet for comment on the matter.

A recent high-profile address poisoning attack seemingly carried out by the same attacker occurred on Nov. 30 when real-world asset lending protocol Florence Finance lost $1.45 million in USDC.

At the time, blockchain security firm PeckShield, which reported the incident, showed how the attacker may have been able to trick the protocol, with both the poison and real address beginning with “0xB087” and ending with “5870.”

In November, Scam Sniffer reported that hackers have been abusing Ethereum’s ‘Create2’ Solidity function to bypass wallet security alerts. This has led to Wallet Drainers stealing around $60 million from almost 100,000 victims over six months, it noted. Address poisoning has been one of the methods they used to accumulate their ill-gotten gains.

Related: What are address poisoning attacks in crypto and how to avoid them?

Create2 pre-calculates contract addresses, enabling malicious actors to generate new similar wallet addresses which are then deployed after the victim authorizes a bogus signature or transfer request.

According to the security team at SlowMist, a group has been using Create2 since August to “continuously steal nearly $3 million in assets from 11 victims, with one victim losing up to $1.6 million.”

Magazine: Should crypto projects ever negotiate with hackers? Probably





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest

Freedom-Crypto
Ledger
Freedom-Crypto
Safe Wallet scammer steals $2M through 'address poisoning' in one week
okex
Coinmama
DOJ Confirms Dragonfly Not Under Investigation Over Tornado Cash Ties
CBOE files for Staked INJ ETF on behalf of Canary Capital
EigenLayer Brings Multichain AVS Support to L2 Networks
Fintech will Adopt DeFi Lending within 3 years.
Dragonfly Capital Faces DOJ Threat Over Tornado Cash Ties
Pump.fun ICO Raises $500M in 12 Minutes Amid Retail FOMO
bitcoin
ethereum
tether
binancecoin
usd-coin
solana
ripple
cardano
terra-luna
avalanche-2
Blockonomics
Ledger
Coinbase teams up with JPMorgan to enable instant crypto purchases from Chase accounts
A Fan Token Index for World Cup 2026 and Beyond
Whales Increase Holdings by 12% Despite Market Downturn
Indonesia to Hike Crypto Taxes, Target Offshore Platforms With Higher Rates Next Month
DOJ Confirms Dragonfly Not Under Investigation Over Tornado Cash Ties
Coinbase teams up with JPMorgan to enable instant crypto purchases from Chase accounts
A Fan Token Index for World Cup 2026 and Beyond
Whales Increase Holdings by 12% Despite Market Downturn
Indonesia to Hike Crypto Taxes, Target Offshore Platforms With Higher Rates Next Month
bitcoin
ethereum
tether
binancecoin
usd-coin
solana
ripple
cardano
terra-luna
avalanche-2
bitcoin
ethereum
tether
binancecoin
usd-coin
solana
ripple
cardano
terra-luna
avalanche-2