A crypto hacker specializing in “address poisoning attacks” has managed to steal over $2 million from Safe Wallet users alone in the past week, with its total victim count now reaching 21.
On Dec. 3, Web3 scam detection platform Scam Sniffer reported that around ten Safe Wallets lost $2.05 million to address poisoning attacks since Nov. 26.
According to Dune Analytics data compiled by Scam Sniffer, the same attacker has reportedly stolen at least $5 million from around 21 victims in the past four months.
Scam Sniffer reported that one of the victims even held $10 million in crypto in a Safe Wallet, but “fortunately” only lost $400,000 of it.
about ~10 Safe wallets have lost $2.05 million to “address poisoning” attacks in the previous week.
the same attacker has stolen $5 million from ~21 victims in the previous 4 months up to now.
— Scam Sniffer | Web3 Anti-Scam (@actualScamSniffer) December 3, 2023
Address poisoning is when an attacker creates a similar-looking address to the one a targeted victim regularly sends funds to, usually using the same beginning and ending characters.
The hacker usually sends a small amount of crypto from the newly created wallet to the target to “poison” their transaction history. An unwitting victim may then mistakenly copy the look-alike address from the transaction history and send funds to the hacker’s wallet instead of the intended destination.
Cointelegraph has reached out to Safe Wallet for comment on the matter.
A recent high-profile address poisoning attack seemingly carried out by the same attacker occurred on Nov. 30, when real-world asset lending protocol Florence Finance lost $1.45 million in USDC.
At the time, blockchain security firm PeckShield, which reported the incident, showed how the attacker may have been able to trick the protocol, with both the poison and real address beginning with “0xB087” and ending with “5870.”
#PeckShieldAlert #FlorenceFinance fell victim to a #AddressPoisoning scam, resulting in a loss of ~$1.45M $USDC.
Intended address: 0xB087cfa70498175a1579104a1E1240Bd947f5870
Phishing address: 0xB087269DE7ba93d0Db2e12ff164D60F0b3675870
— PeckShieldAlert (@PeckShieldAlert) November 30, 2023
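A pre-send check for the look-alike pattern described above, written for this article as an added example and not taken from Scam Sniffer, PeckShield or any wallet: it compares a destination against a list of trusted addresses and flags one that matches only at the edges. The function names and the four-character thresholds are assumptions; the two sample addresses are the ones quoted in the PeckShield alert.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def normalize(addr):
    """Validate a 0x-prefixed 20-byte hex address and lower-case it."""
    addr = addr.strip()
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

def shared_edges(a, b):
    """Count matching leading and trailing hex characters (after 0x)."""
    a, b = normalize(a)[2:], normalize(b)[2:]
    prefix = 0
    while prefix < 40 and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < 40 - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def check_destination(dest, trusted, min_prefix=4, min_suffix=4):
    """Return ('trusted'|'lookalike'|'unknown', matched trusted entry or None).

    'lookalike': dest is not a trusted address but shares at least
    min_prefix leading and min_suffix trailing characters with one, so a
    truncated display such as 0xB087...5870 cannot tell them apart.
    The 4/4 defaults are an assumption chosen to match that display.
    """
    dest_n = normalize(dest)
    by_norm = {normalize(t): t for t in trusted}
    if dest_n in by_norm:
        return "trusted", by_norm[dest_n]
    for t_norm, t_orig in by_norm.items():
        prefix, suffix = shared_edges(dest_n, t_norm)
        if prefix >= min_prefix and suffix >= min_suffix:
            return "lookalike", t_orig
    return "unknown", None

# Addresses quoted in the PeckShield alert above.
INTENDED = "0xB087cfa70498175a1579104a1E1240Bd947f5870"
PHISHING = "0xB087269DE7ba93d0Db2e12ff164D60F0b3675870"
# Constructed address with no resemblance to the trusted entry.
UNRELATED = "0x" + "11" * 20

if __name__ == "__main__":
    for candidate in (INTENDED, PHISHING, UNRELATED):
        print(candidate, check_destination(candidate, [INTENDED]))
```

A "lookalike" result is the case that should block a transfer until the full 40-character address has been compared against the trusted entry.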
In November, Scam Sniffer reported that hackers have been abusing Ethereum’s ‘Create2’ Solidity function to bypass wallet security alerts. This has led to Wallet Drainers stealing around $60 million from almost 100,000 victims over six months, it noted. Address poisoning has been one of the methods they used to accumulate their ill-gotten gains.
Create2 pre-calculates contract addresses, enabling malicious actors to generate new similar wallet addresses, which are then deployed after the victim authorizes a bogus signature or transfer request.
According to the security team at SlowMist, a group has been using Create2 since August to “continuously steal nearly $3 million in assets from 11 victims, with one victim losing up to $1.6 million.”