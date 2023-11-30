On November 30, blockchain security firm PeckShield reported that Florence Finance had been attacked.

The protocol reportedly lost $1.45 million in USDC in an attack called “address poisoning.” At the time of writing, there were very few details about the hack and nothing on the Florence Finance X (Twitter) feed or Telegram channel.

PeckShield reported that the transaction was sent to a phishing address instead of the intended address.

“This is an example of a scammer creating an address that resembles an address to which the intended victim has previously sent funds.”

The addresses are very similar, with similar beginning and ending characters to trick the victim into sending it without paying attention to the entire address.

Attackers use an address generator to create an address almost identical to the target’s wallet address.

They will then send a small amount of crypto from the newly created matching address wallet to the target’s wallet in order to poison the transaction history.

The victim then accidentally copies the poisoned address from the transaction history instead of their own records and sends the money to the hacker’s wallet.

According to reports, malicious actors are abusing Ethereum’s ‘Create2’ function to bypass wallet security alerts and poison addresses. This led to the theft of approximately $60 million in crypto from approximately 100,000 accounts in six months.

Florence Finance is an arbitrage-based real-world asset DeFi lending protocol that enables users to borrow digital assets against their real-world collateral.

According to the documentation, it uses stablecoin commitments to make loans to real-world businesses and distributes the real-world yield back to stablecoin funders.

Big month for DeFi exploitation

November has been a busy month for DeFi and crypto hackers. On November 30, Peckshield also reported that the Uranium Finance attacker was transferring funds.

According to the De.Fi Yield Rect database, millions of crypto assets have been lost this month due to hacks and exploits.

These include a $45 million loss to Kyberswap in a quick loan attack on November 23 and a $21 million loss to HTX in an access control exploit on November 22.

Additionally, Heko Bridge was exploited for $86 million this month, and Onyx Protocol lost $2 million in a flash loan attack.

