Date: 2023-12-04

In an unsurprising turn of events, the supposedly secure SafeWallet is feeling the heat.

SafeWallet users are facing a major threat as a crypto hacker skilled in “address poisoning attacks” successfully stole over $2 million from 10 users between November 26 and December 3.

Secure Wallet users targeted in address poisoning scam

The total number of victims has now reached 21, with a single attacker reportedly stealing $5 million from these users over the past four months, according to Scam Sniffer’s report based on Dune Analytics data. A user holding $10 million of crypto in a secure wallet lost $400,000 in the attack.

Nearly ~10 secure wallets have lost $2.05 million in the last week due to “address poisoning” attacks. The same attacker has stolen $5 million from ~21 victims so far in the last four months. pic.twitter.com/fu4kxaI3py — Scam Finder Web3 Anti-Scam (@realScamSniffer) 3 December 2023

The latest address poisoning attack is speculated to have been carried out by the same criminals who targeted real-world asset lending protocol Florence Finance. The incident was first flagged by blockchain security firm PeckShield, which revealed that $1.45 million in USDC had been siphoned off from the protocol and said that the transactions were directed to phishing addresses rather than the intended addresses.

The fraud involved creating addresses with exactly the same beginning and ending characters, causing the victim to unknowingly send money to the fraudulent address without checking the entire address.

Unlike normal scams, which employ tactics such as unlimited token approval or phishing for secret recovery phrases, ‘address poisoning’ takes advantage of the user’s carelessness and haste. While this may seem less harmful than other scam methods, it still poses a significant risk to users’ funds, as explained by MetaMask.

Blockchain addresses, typically complex alphanumeric strings, range from 25 to 40 characters, making them challenging to remember. To enhance user experience, some crypto platforms display only the initial and last characters, skipping the middle ones.

This practice, known as address shortening, creates a security risk. Attackers can take advantage of the limited number of possibilities (36 per character) and create addresses with abbreviations similar to the user’s, increasing the chance of a match. Since many blockchains are not case-sensitive, the attacker’s job becomes even simpler.

Address poisoning attacks take advantage of this vulnerability. The attackers send low-value transactions to the victim from a look-alike address. Users accustomed to copying addresses from transaction history may inadvertently paste the attacker’s address when making subsequent transactions. Ultimately the funds are sent to the attacker instead of the intended recipient.
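The check a wallet or monitoring script can run against this pattern, as an added example that is not from the original article: it flags incoming transfers whose sender matches a trusted address in shortened form but differs in full. The field names, the 6/4 shortening length, the dust threshold and all addresses are assumptions constructed for illustration.

```python
# Added example: flag look-alike ("poisoned") senders in a wallet's history.
# All addresses below are constructed sample values, not real accounts.

def shorten(addr: str, head: int = 6, tail: int = 4) -> str:
    """Abbreviated form a wallet UI might display, e.g. 0x12ab...9f3c."""
    return f"{addr[:head]}...{addr[-tail:]}"

def is_lookalike(candidate: str, trusted: str, head: int = 6, tail: int = 4) -> bool:
    """True if candidate matches trusted in shortened form but is a different address."""
    c, t = candidate.lower(), trusted.lower()
    if c == t:
        return False  # the genuine address itself is never a look-alike
    return c[:head] == t[:head] and c[-tail:] == t[-tail:]

def flag_poisoning(history, trusted_addresses, dust_threshold=1.0):
    """Return history entries whose sender imitates a trusted address.

    history: list of dicts with 'from' and 'value' keys (incoming transfers).
    Each hit records which trusted address is imitated and whether the
    transfer was low-value, the pattern described in the article.
    """
    hits = []
    for tx in history:
        for trusted in trusted_addresses:
            if is_lookalike(tx["from"], trusted):
                hits.append({
                    "from": tx["from"],
                    "imitates": trusted,
                    "shown_as": shorten(tx["from"]),
                    "low_value": tx["value"] <= dust_threshold,
                })
    return hits

# Constructed sample data (Ethereum-style: 0x followed by 40 hex characters).
TRUSTED = ["0x12ab34cd" + "0" * 28 + "9f3c"]
HISTORY = [
    {"from": "0x12ab34cd" + "0" * 28 + "9f3c", "value": 2500.0},  # genuine counterparty
    {"from": "0x12AB77ee" + "1" * 28 + "9F3C", "value": 0.0},     # look-alike, zero-value
    {"from": "0xdeadbeef" + "2" * 28 + "abcd", "value": 0.5},     # unrelated sender
]

if __name__ == "__main__":
    for hit in flag_poisoning(HISTORY, TRUSTED):
        print(hit)
```

The comparison is done on the full address, so a flagged entry can be hidden from "recent recipients" lists or shown with a warning before the user copies it.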


source: cryptopotato.com