Non Cult Crypto News

Non Cult Crypto News

in

Safe Wallet scammer steals $2M through ‘address poisoning’ in one week

A malicious actor behind at least $5 million in crypto theft through “address poisoning” significantly ramped up attacks against Safe Wallet users in the last week.

Join us on social networks

A crypto hacker specializing in “address poisoning attacks” has managed to steal over $2 million from Safe Wallet users alone in the past week, with its total victim count now reaching 21. 

On Dec. 3, Web3 scam detection platform Scam Sniffer reported that around ten Safe Wallets lost $2.05 million to address poisoning attacks since Nov. 26.

According to Dune Analytics data compiled by Scam Sniffer, the same attacker has reportedly stolen at least $5 million from around 21 victims in the past four months.

Scam Sniffer, reported that one of the victims even held $10 million in crypto in a Safe Wallet, but “luckily” only lost $400,000 of it. 

Address poisoning is when an attacker creates a similar-looking address to the one a targeted victim regularly sends funds to — usually using the same beginning and ending characters.

The hacker often sends a small amount of crypto from te newly-created wallet to the target to “poison” their transaction history. An unwitting victim could then mistakingly copy the look-alike address from transaction history and send funds to the hacker’s wallet instead of the intended destination.

Cointelegraph has reached out to Safe Wallet for comment on the matter.

A recent high-profile address poisoning attack seemingly carried out by the same attacker occurred on Nov. 30 when real-world asset lending protocol Florence Finance lost $1.45 million in USDC.

At the time, blockchain security firm PeckShield, which reported the incident, showed how the attacker may have been able to trick the protocol, with both the poison and real address beginning with “0xB087” and ending with “5870.”

In November, Scam Sniffer reported that hackers have been abusing Ethereum’s ‘Create2’ Solidity function to bypass wallet security alerts. This has led to Wallet Drainers stealing around $60 million from almost 100,000 victims over six months, it noted. Address poisoning has been one of the methods they used to accumulate their ill-gotten gains.

Related: What are address poisoning attacks in crypto and how to avoid them?

Create2 pre-calculates contract addresses, enabling malicious actors to generate new similar wallet addresses which are then deployed after the victim authorizes a bogus signature or transfer request.

According to the security team at SlowMist, a group has been using Create2 since August to “continuously steal nearly $3 million in assets from 11 victims, with one victim losing up to $1.6 million.”

Magazine: Should crypto projects ever negotiate with hackers? Probably

This article first appeared at Cointelegraph.com News

What do you think?

Written by Outside Source

Bitcoin is of ‘national strategic importance’ says US Space Force officer

Here’s How Many Web3 Games Have Failed In The Last 5 Years (Report)

Back to Top

Ad Blocker Detected!

We've detected an Ad Blocker on your system. Please consider disabling it for Non Cult Crypto News.

How to disable? Refresh

Log In

Or with username:

Forgot password?

Don't have an account? Register

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

To use social login you have to agree with the storage and handling of your data by this website.

Add to Collection

No Collections

Here you'll find all collections you've created before.