A $12.25M Mistake: Address Poisoning

by COINS NEWS

A few hours ago, a user was address poisoned and mistakenly sent 12.25 MILLION in ETH to a hacker instead of a deposit address.

  • 0xd6741220a947941bF290799811FcDCeA8AE4A7Da - User Wallet
  • 0x6D90CC8Ce83B6D0ACf634ED45d4bCc37eDdD2E48 - Intended Deposit (Galaxy Digital)
  • 0x6d9052b2DF589De00324127fe2707eb34e592e48 - Hacker Wallet

How does Address Poisoning Happen?

I've talked about address poisoning in other large theft posts. It's a spray-and-pray method used to target large wallets with predictable destination addresses.

It's unfortunate that some wallets don't have better security against this type of attack. The hacker mimicked the first 6 and last 4 digits of the Intended Destination Address.

Here's a visual of what that looks like:

  • Fake Address - 0x6d9052b2DF589De00324127fe2707eb34e592e48
  • Intended Destination Address - 0x6D90CC8Ce83B6D0ACf634ED45d4bCc37eDdD2E48 - Galaxy Digital Deposit Address

A look inside the user's wallet of 0xd6741220a947941bF290799811FcDCeA8AE4A7Da.

It appears the attacker was trying to poison the user's wallet for quite some time with tiny transactions of USDC.

The attacker sent numerous transactions hoping the victim would copy and paste the wrong address, which is exactly what happened.

  • Total investment by hacker: About .04 cents
  • Return on investment by hacker: 12.25M

Following the Funds

This is a theft in progress. As I write this, the hacker is sending 100 ETH quantities into Tornado Cash.

The Main Hacker wallet of 0x6d9052b2DF589De00324127fe2707eb34e592e48 sent the entire balance of stolen funds to 0x49a21FC945312C6fB4f8C6C4D224E74A5B96e9DF.

The above image shows the flow of funds from the Victim's wallet --> Hacker Wallet --> Tornado Cash

What's interesting is the wallet 0x49a...e9DF appears to be an intermediary for other address poisoning victims. The 12.25M theft appears to be by far the biggest single individual loss.

The next highest appears to be about 31K in losses due to the same type of scam. I do have a destination address where I think some of the post-Tornado Cash funds landed. I'll refrain from posting until further investigation and will post updates.

It's typically pretty hard to launder 12M without drawing the attention of law enforcement and the cybersecurity community.

How to Prevent Address Poisoning to Your Wallet

  • Verify the Full Address: The scammer can ONLY receive funds if you send them. Verify 2, 3, 4 times before sending funds. Oh, and try to avoid sending when you're tired.
  • Use Address Book/Whitelist: Utilize the address book feature in wallets for verified addresses.
  • Avoid Historical Copy-Paste: Don't copy and paste from your transaction history. Bad idea!
  • Use Proven Addresses: Source recipient addresses. Again avoid transaction history as these attacks happen all too often!

Stay safe out there!

submitted by /u/jbtravel84
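
A wallet-side check for the pattern described in this post, added here as an example (it is not code from the original post or from any wallet). It compares a pasted destination with a saved address book over all 40 hex characters, flags addresses that match only at the start and end, and scans incoming transfers for such lookalike senders. The address book label, the window of 4 hex characters after the `0x` prefix, and the sample history amounts are assumptions.

```python
# Added example: wallet-side check for lookalike destination addresses.
# The label, the 4-hex-character window and the sample history are assumptions.
ADDRESS_BOOK = {  # saved, verified entry (address from the post)
    "0x6D90CC8Ce83B6D0ACf634ED45d4bCc37eDdD2E48": "Galaxy Digital deposit",
}

def hex_body(addr):
    """Return the 40 hex characters after 0x, lower-cased; raise if malformed."""
    a = addr.strip().lower()
    a = a[2:] if a.startswith("0x") else a
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def classify(dest, book=ADDRESS_BOOK, window=4):
    """("trusted", label) on a full 40-character match with a saved address,
    ("lookalike", label) when only the first and last `window` characters match,
    otherwise ("unknown", None)."""
    d, hit = hex_body(dest), None
    for saved, label in book.items():
        s = hex_body(saved)
        if d == s:
            return ("trusted", label)
        if d[:window] == s[:window] and d[-window:] == s[-window:]:
            hit = label
    return ("lookalike", hit) if hit is not None else ("unknown", None)

def poison_senders(history, book=ADDRESS_BOOK):
    """Senders in the transfer history that imitate a saved address."""
    seen = []
    for tx in history:
        if classify(tx["from"], book)[0] == "lookalike" and tx["from"] not in seen:
            seen.append(tx["from"])
    return seen

# Constructed history: amounts are made up, addresses are the ones in the post.
SAMPLE_HISTORY = [
    {"from": "0x6d9052b2DF589De00324127fe2707eb34e592e48", "token": "USDC", "amount": 0.0001},
    {"from": "0x6D90CC8Ce83B6D0ACf634ED45d4bCc37eDdD2E48", "token": "ETH", "amount": 1.0},
    {"from": "0x6d9052b2DF589De00324127fe2707eb34e592e48", "token": "USDC", "amount": 0.0001},
]

if __name__ == "__main__":
    for a in ("0x6d9052b2DF589De00324127fe2707eb34e592e48",
              "0x6D90CC8Ce83B6D0ACf634ED45d4bCc37eDdD2E48"):
        print(a, classify(a))
    print("poisoning senders:", poison_senders(SAMPLE_HISTORY))
```

A wallet could run `classify` before signing and refuse or warn on a `lookalike` result, and hide or label history entries returned by `poison_senders` so they cannot be copied by accident.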