In the past week, several crypto investors lost about $2 million after a malicious actor conducted a series of “address poisoning attacks” on Safe Wallet users.
The recent security breaches resulted from hackers misusing some Ethereum contract functions.
Address Poisoning Attacks on Safe Wallet
As per a report by Scam Sniffer, since last week, the rate of address poisoning scams surged. In fact, from about November 26, the attacker stole from at least 10 Safe Wallets, a total of $2.05 million.
Address Poisoning is when an attacker creates an address resembling a victim’s regular transaction destination. The attacker then leverages the look-alike address to trick other victims into transferring funds to this mock address.
Analysis points out that one of the victims held about $10 million in Safe Wallets but fortunately only lost $400K.
The most high-profile scam in this period was against Florence Finance. Reports indicate that this platform lost about $1.45 million USDC owing to the address poisoning attack on November 30.
PeckShield initially reported how this attack occurred, highlighting how the attacker tricked the victim. The actual and poisoned address began and ended with the same characters, “0xB087″ and ‘5870” respectively.
Scam Sniffer pointed out that the attacks began four months ago. Already, about 21 victims have fallen prey to this trickery and lost a total of $5 million.
Ethereum Vulnerability Giving Space for Scam
Last month, Scam Alert released a report pointing out a vulnerability in Ethereum’s ‘Create2’ Solidity function. It noted that hackers have been using the function to bypass wallet security notifications. As a result, hackers and Wallet Drainers have stolen over $60M from about 100k victims.
Some crypto companies have been making security deals with blockchain security firms to combat crypto crimes. Last week, Blockchain Dose reported on a deal between TRM Labs and Australian exchange Swyftx for blockchain security.