Beware Address Poisoning: Scammer Steals $2 Million From Safe Wallet Users – Blockonomi


A prolific crypto thief deploying an attack vector known as “address poisoning” has siphoned over $2 million from Safe Wallet users in just the past week. The latest theft spree brings the overall tally to around $5 million stolen from 21 victims across the past four months, according to blockchain tracking firms.

Keypoints

How it Works$2 Million Stolen

Researchers discovered at least ten Safe Wallet users fell prey over Thanksgiving week. One particular target held over $10 million in assets on the self-hosted wallet yet avoided catastrophic losses by only misdirecting $400,000 to the hacker. Overall $2.05 million was stolen from Safe Wallet victims in days while the grand total approaches $5 million and counting as the attacks persist.

How To Get Free Crypto  

The address poisoning specialist also recently netted $1.45 million from decentralized finance protocol Florence Finance using the same techniques. According to PeckShield, the hacker generated an address starting and ending with “0xB087” and “5870” – extremely similar to the actual finance smart contract address – and sent a small amount from the fraudulent wallet prior to the million-dollar theft.

While address poisoning requires some sophistication, the victims are ultimately users failing to validate send-to addresses adequately before signing transactions. But the endings demonstrate why verifying full addresses, not just beginnings and endings, proves critical for avoiding deception. The incidents also underscore the need for affirmation prompts like those seen on hardware wallets.

As crypto platforms increasingly shorten addresses for visual clarity, and asset transfers grow more time sensitive, address poisoning presents an increasingly credible vector. Users must remain vigilant by triple-checking recipient addresses right before signing. Verifying linked address names where available provides another layer of protection. As always, enabling multi-factor authentication and other account safeguards helps mitigate external threats.

But for decentralized apps and protocols holding customer funds, additional measures may prove necessary to counter address spoofing risks. Warning prompts when sending to never-transacted addresses could flag potential scams. Freezing suspicious withdrawals through strict anomaly detection and mandatory confirmation delays might also thwart the most aggressive hack attempts.

Coinbase Banner  

Until better standard protections emerge however, the simplest adage bears repeating. Look closely before you leap, as a single lapse in judgment can derail even the most secure crypto fortune.

Go to Source
Author: Oliver Dale


Recommended Crypto Services, Products and Strategies:

The first thing any crypto investor needs is is a reliable and secure Crypto Wallet.  Whether you’re looking for an online wallet, hardware wallet, desktop or mobile wallet, Crypto Renegade provides you with all the Best Crypto Wallets in each category.

Best Crypto Wallets Banner

When you’re ready to buy more crypto, or exchange your coins for others, Crypto Renegade’s list of the Best Crypto Exchanges has you covered.  The Crypto Exchanges recommended here offer everything from simplicity and convenience to advanced trading platforms and profit sharing. 

Best Crypto Exchanges Banner

If you want to learn more about the methods and tools that can be used to find Great Crypto Projects, then be sure to check out Crypto Renegade’s strategy for How To Find The Best Cryptocurrency.

Crypto Strategy Banner

For those people that don’t have any money to invest right now, or just want to understand the technology a bit more, you’ll definitely want to check out Crypto Renegade’s Free Crypto Strategy and start collecting Free Coins today!

Free Crypto Banner

What do you think about cryptocurrency? Do you have any questions about it? Be sure to leave a comment below.

You May Also Like

More From Author

This site uses Akismet to reduce spam. Learn how your comment data is processed.