After the theft, the victim sent an on-chain message to the scammer, offering a $1 million "bounty" for the return of the remaining funds. They threatened, "We have officially filed a criminal case. With the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols, we have already gathered substantial and actionable intelligence regarding your activities." However, there's been no activity from the wallet since the message, and the thief had long since begun laundering the funds via Tornado Cash.
Crypto trader loses $50 million to address poisoning attack
A crypto trader lost almost $50 million in the Tether stablecoin after falling victim to an address poisoning attack. Because blockchain wallet addresses are long, random alphanumeric strings, traders often use the first and/or last several characters to quickly recognize wallets, and copy and paste regularly used wallet addresses from their transaction history. This has given rise to a type of scam known as "address poisoning", where scammers generate wallet addresses that share similar beginning and end characters, and use them to send transactions to wealthy victims. If they're lucky, as they were in this case, the victim will accidentally copy the similar looking scammer's wallet address when making a transfer of significant size.
- Thief wallet, Etherscan [archive]
- On-chain message, Etherscan
Wallet loses over $72 million to address poisoning
An Ethereum wallet was apparently drained of 1,155 wrapped bitcoin (~$72.7 million) when they transferred it to a malicious address that had been operating an address poisoning scheme.
Address poisoning is a scam tactic that takes advantage of crypto traders' tendencies to copy and paste wallet addresses from their transaction histories, since the addresses are long strings of characters that are not practical to type from memory. By creating a new wallet address with identical start and/or ending character strings to addresses used by the victim, and spamming the victim with transactions from that similar address, scammers are sometimes able to get victims to erroneously copy the spoofed address for future transfers.
That's what appears to have happened in this case, when a victim transferred 1,155 wrapped bitcoin — tokens pegged to the bitcoin price meant for use on the Ethereum blockchain — to the malicious address.
The victim and the exploiter later reached an agreement for the return of most of the funds, with the exploiter keeping $7.2 million as a "bounty".
Users of the Safe Wallet lose cumulative $2 million to address poisoning
Users of the (not so) Safe Wallet have lost $2.05 million altogether in the past week as they've been targeted by an attacker using an address poisoning attack. The same attacker was also behind such an attack on the Florence Finance real-world lending protocol, in which they stole $1.45 million.
According to research group ScamSniffer, the attacker has stolen at least $5 million from at least 21 victims in the past four months.
Florence Finance loses $1.45 million to address poisoning
An apparent address poisoning attack on the Florence Finance real-world asset lending protocol led to the loss of $1.45 million in the USDC stablecoin.
As of December 4, Florence Finance had not publicly acknowledged the theft.
U.S. Drug Enforcement Administration sends over $50,000 to a scammer
After seizing a little more than $500,000 in the Tether stablecoin from two accounts it believed were involved in illegal narcotics sales, the DEA mistakenly sent $50,000 of the seized funds to an enterprising scammer.
Someone observed the DEA wallet send a small test transaction before transferring the remaining seized funds, and quickly used a crypto wallet address with identical characters at the beginning and end to send an airdrop to the DEA source wallet. When the DEA agent went to send the remaining funds, they copied-and-pasted the address, believing it was the same one they'd sent the test transaction to. This is a common scam in the crypto world known as "address poisoning", and is successful primarily because crypto wallet addresses are very long strings of characters that people usually copy-and-paste, and only identify by the characters at the start and end.
Upon discovering that they'd been duped, the DEA contacted Tether to ask them to freeze the funds. However, by that time, the scammer had already converted the money into ETH, which couldn't be frozen. The DEA is now working with the FBI to try to trace the theft.
Phisher briefly snags $20 million before it's frozen by Tether
A zero-transfer attack, also called an address poisoning attack, occurs when a phisher creates a blockchain address very similar to that of a target victim's wallet, and sends zero-value token transactions to the victim's addresses from the phishing wallet in hopes that the victim will later mistake the phishing address for the real one and send funds to it. It sounds unlikely to work, but users often fail to verify every character of the destination address they're using, opting instead to copy it from their transaction histories, and this can profit scammers substantially.
Someone intending to transfer Tether stablecoins amounting to $20 million apparently didn't think it was important to double-check the address, and fell for such an attack.
However, only 51 minutes after the theft, the victim had managed to get Tether to add the thief's address to its blacklist, freezing the assets and thwarting the attack. The rapidity of the freeze led various people to question who the victim might be who could get Tether to intervene so quickly.
- "Tether Freezes $20 Million Linked To Phishing Scammer", CryptoPotato