Crypto News– Someone has reportedly lost more than $71 million worth of wrapped bitcoin (WBTC) in what seems to be an address poisoning attack.
According to on-chain transfers from the Etherscan blockchain explorer, the victim sent 1,155 WBTC ($71.1 million) to the suspected attacker.
Claimed ‘Address Poisoning’ Assault Results in Victim Losing 71 Million+ Dollars Worth of WBTC
In a poisoning attack, the hacker creates a wallet address similar to the victim’s, often through vanity address services or address mining, and inundates the victim with numerous transactions. If the victim mistakenly copies the hacker’s fraudulent address, they inadvertently transfer their funds to the hacker rather than their own account.
The address belonging to the hacker has been labeled as fake and phishing on the Ethereum blockchain explorer Etherscan.
Wrapped bitcoin (WBTC) is an ERC-token that maintains a 1:1 peg with bitcoin, enabling its use within the Ethereum ecosystem. At 11:13 a.m. ET (15:13 UTC) on May 3, WBTC was trading at $61,644.23, showing a 3.95% increase of $2,338 over the past 24 hours, as reported by The Block Prices page.
Essentials of Poisoning Attacks
Attackers often replicate the first and last digits of a wallet address, a common practice as people tend to verify these when sending funds. Following a security incident in August 2023, former Binance CEO Changpeng ‘CZ’ Zhao elaborated on the deceptive effectiveness of such attacks.
In recent times, scammers have become adept at generating addresses with matching starting and ending letters, which aligns with what most individuals verify during crypto transfers, Zhao explained via social media. Additionally, many wallets conceal the middle portion of the address with ‘…’ for improved UI aesthetics. Scammers exploit this by sending small transactions to your wallet, ensuring the fraudulent address appears in your records.
Zhao further elucidated, Now, when attempting to send funds to the correct address, you might inadvertently select a previously received transaction in your wallet and copy its address. Consequently, you may copy the wrong one. He recounted an incident from August wherein an experienced crypto operator detected the fraudulent transaction in time, preventing the transfer of funds.
Leave a comment