Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A cryptocurrency investor lost 4,556 Ethereum, worth about $12.4 million, after falling victim to a sophisticated attack known as “address poisoning.”
Spectre, the pseudonymous blockchain analyst, said the theft occurred about 32 hours after the attacker “trampled” the victim’s wallet for a simple token transaction.
How a fake address that looked like the original cost an Ethereum holder millions of dollars
On-chain analysis of Specter revealed that the attacker spent two months tracking the transaction activity of the victim. During this period, the hacker specifically identified a deposit address used to settle over-the-counter trades (OTC).
Sponsored
Sponsored
The attacker used a custom address generation program vanity address generation software To design a similar wallet. The fraudulent address had the same letters and numbers at the beginning and end as the intended address of the victim.
Dependent on the process Title poisoning Users usually check only the first and last characters of a long hexadecimal string. In this case, the fraudulent wallet and the official OTC address look identical at a quick glance.
The attacker started by sending a simple transaction to the victim’s wallet, with the goal of including the forged address in the user’s activity log. This strategic move ensured that the corrupt address appeared at the top of the “recent transaction log”.
The victim relied on this compromised list, then inadvertently copied the poisoned address instead of the correct source when trying to transfer $12.4 million.
This incident marks the second major eight-figure theft through this particular street in recent weeks. Last month, he reported that another cryptocurrency trader About $50 million was lost in an almost similar plan.
Sector stakeholders claim that these attacks are on the rise because the wallet interface often shortens addresses to save screen space. This design choice actually hides the middle letters, which is where the differences lie.
At the same time, this hack raises serious questions about the verification protocols for institutional investors institutional quality investors.
Individual traders typically rely on copy-pasting addresses, while entities transferring millions usually follow strict whitelisting procedures and test transactions.
Blockchain security firm ScumSnifer has urged investors to abandon trust in transaction history for recurring cryptocurrency payments. Instead, they recommended using trusted encrypted address books to prevent the risk of interface spoofing.
