Blockchain security firm Cyvers Alert reported that an unnamed crypto trader lost 1,155 Wrapped Bitcoin (WBTC), equivalent to $70.5 million worth, to address poisoning.
The firm said:
“Are we mistaken, or has someone truly lost $68 million worth of WBTC? Our system has detected another address falling victim to address poisoning, losing 1,155 WBTC.”
Meir Dolev, the founder and CTO of Cyvers, added that this was “probably the highest value lost due to an address-poisoning scam.”
Address poisoning
Address poisoning is one tactic malicious entities employ to exploit crypto traders. This nefarious act typically ensnares victims by luring them into transferring digital assets to fraudulent addresses owned by scammers.
The modus operandi involves creating addresses strikingly similar to the target’s, employing identical starting and ending characters to deceive unsuspecting victims.
Subsequently, they execute a crypto transfer from the newly fabricated matching address to the target’s wallet, contaminating the transaction history. The victim, unaware, inadvertently copies the tainted address from the transaction log instead of referencing their records, thereby directing funds into the hacker’s wallet.
Notably, this kind of attack has become somewhat prevalent in the industry, with Changpeng Zhao, the former CEO of Binance, highlighting one such incident last year. At the time, Zhao said:
“The scammers are so good now they generate addresses with the same starting and ending letters, which is what most people check for when doing a crypto transfer. In fact, many wallets hide the middle part of the address with ‘…’ to make the UI look better.”