Safe Wallet Fraudster Steals $2M via 'Address Poisoning' in a Single Week

Scam Sniffer and PeckShield have reported on the recent address poisoning attacks that have resulted in millions of dollars in losses for cryptocurrency users.

Dec 4, 2023 - 12:54

A cryptocurrency hacker specializing in "address poisoning attacks" has recently stolen over $2 million from users of Safe Wallet in just the past week, impacting a total of 21 victims. Web3 scam detection service Scam Sniffer reported that approximately ten Safe Wallets have been compromised since November 26, resulting in losses of $2.05 million due to these attacks. Further analysis by Scam Sniffer, using Dune Analytics data, reveals that this same attacker has extracted at least $5 million from around 21 victims over the last four months.

In one notable case, a victim with $10 million in crypto in their Safe Wallet "luckily" lost only $400,000. Address poisoning occurs when an attacker crafts an address that closely resembles one a victim frequently uses, often matching the beginning and ending characters. The hacker then sends a small amount of crypto from this new wallet to the target, contaminating their transaction history. Victims may then mistakenly use this similar address from their history, sending funds to the hacker's wallet instead of the intended destination.
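A defensive check for the pattern described above, as an added example that is not from Scam Sniffer, PeckShield or Safe: it flags senders in a wallet's history whose address shares the first and last characters of a trusted address but differs in between. The 4-character match window, the dust threshold, the history record layout and every address are assumptions constructed for illustration.

```python
# Added example. Every address and transfer below is constructed sample data.
TRUSTED = "0x1a2b" + "c" * 32 + "9f3e"   # address the user really pays
POISON = "0x1a2b" + "0d" * 16 + "9f3e"   # same first/last 4 chars, different middle
OTHER = "0x" + "7e" * 20                 # unrelated sender

HISTORY = [  # inbound transfers as a wallet history view might list them
    {"id": "tx1", "from": TRUSTED, "amount": 2500.0},
    {"id": "tx2", "from": POISON, "amount": 0.01},
    {"id": "tx3", "from": OTHER, "amount": 40.0},
]

def normalize(addr):
    """Lower-case a 0x-prefixed 20-byte hex address and validate its shape."""
    a = addr.strip().lower()
    hex_ok = set(a[2:]) <= set("0123456789abcdef")
    if not (a.startswith("0x") and len(a) == 42 and hex_ok):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def lookalike_of(candidate, trusted, prefix=4, suffix=4):
    """Return the trusted address that `candidate` imitates, or None."""
    c = normalize(candidate)
    known = [normalize(t) for t in trusted]
    if c in known:
        return None  # exact match: this is a trusted address, not a copy
    for t in known:
        # Compare the hex body only, skipping the shared "0x" prefix.
        if c[2:2 + prefix] == t[2:2 + prefix] and c[-suffix:] == t[-suffix:]:
            return t
    return None

def scan_history(history, trusted, dust_threshold=1.0):
    """List inbound transfers whose sender imitates a trusted address."""
    findings = []
    for tx in history:
        imitated = lookalike_of(tx["from"], trusted)
        if imitated:
            findings.append({"tx": tx["id"], "sender": normalize(tx["from"]),
                             "imitates": imitated,
                             "dust": tx["amount"] <= dust_threshold})
    return findings

if __name__ == "__main__":
    for f in scan_history(HISTORY, [TRUSTED]):
        print(f)
```

The same `lookalike_of` check can be run on a recipient address before a transfer is signed, so that a copy picked from history is caught against the address book rather than by eye.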

Recently, on November 30, a significant address poisoning attack targeted Florence Finance, a real-world asset lending protocol, resulting in a loss of $1.45 million in USDC. Blockchain security firm PeckShield reported how the attacker might have tricked the protocol, with both the poisoned and real addresses sharing similar starting and ending sequences.

Scam Sniffer also highlighted that hackers have been exploiting Ethereum's 'Create2' Solidity function to evade wallet security alerts, leading to Wallet Drainers stealing approximately $60 million from almost 100,000 victims over six months. Address poisoning has been one of the methods employed in these thefts.

Create2 allows for the pre-calculation of contract addresses, enabling malicious actors to generate new, similar wallet addresses which are then deployed after a victim authorizes a bogus signature or transfer request. According to the security team at SlowMist, a group has been using Create2 since August to "continuously steal nearly $3 million in assets from 11 victims," with one individual losing up to $1.6 million.

Philip Bohmer

Philip is a seasoned journalist who brings clarity to the complex world of cryptocurrencies through his articulate and insightful articles. His passion for blockchain technology fuels his writing, making him a trusted voice in the rapidly evolving digital currency landscape.