Crypto hackers have claimed another major victim, fooling him into sending $68 million to a wallet he thought was somebody else’s.
Blockchain data indicates that a once-wealthy Ethereum user lost all of his Bitcoin holdings after hackers contaminated a recipient’s wallet history. The user now holds just $1.6 million in crypto at his address.
According to Etherscan, the sending wallet’s remaining assets include 0.89 ETH ($2,747) and 1.63 million dollar-pegged DAI stablecoins.
The assets stolen from the victim included 1155 Wrapped Bitcoin (WBTC) – a token that operates like a stablecoin for Bitcoin on the Ethereum network, mirroring the price of the dominant digital asset. Naturally, WBTC is vulnerable to the many hacks and exploits common in the Ethereum ecosystem, such as address poisoning.
Wallet contamination or “address poisoning” involves sending a transaction – usually of zero or negligible value – to a victim’s wallet, simply so that the attacker’s address appears in the victim’s transaction history.
Notably, attackers will deliberately generate their address to have several starting and ending characters that match those of an address belonging to the victim. Popular wallet software often shrinks addresses to display only the first and last characters, making the differences in the middle undetectable on the surface.
In this case, both the attacker’s address and the real target address had characters starting with 0xd9A1, and ending with 853a91.
Ideally, the attacker hopes they try to copy that address from their history the next time they intend to receive a transaction, under the mistaken belief that it’s their address or that of someone they know.
Last year, address poisoners targeted a series of SafeWallet users, stealing $2 million within one week. Back in February, a Kraken user was robbed of 1 million USDT after scammers poisoned their history mimicking the victim’s prior interaction with the exchange.
Metamask suggests users avoid copying transactions from their history, and to add frequently used addresses to their address book to avoid using any that aren’t specifically whitelisted.
“This advice applies to your own address as much as it does the addresses of others to whom you may be sending funds,” the wallet provider states on its website.
The post Costly Mistake: Victim Loses $68 Million In Address Poisoning Scam appeared first on CryptoPotato.
—
Blog powered by G6
Disclaimer! A guest author has made this post. G6 has not checked the post. its content and attachments and under no circumstances will G6 be held responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from your use of or inability to use this website or any websites linked to it, or from your reliance on the information and material on this website, even if the G6 has been advised of the possibility of such damages in advance.
For any inquiries, please contact [email protected]
