Crypto Scam: User Loses $68M In Address Poisoning Scheme

According to CertiK, a blockchain security company, a new crypto scam has taken place with a user losing a staggering $68 million worth of Wrapped Bitcoin (WBTC) due to an address-poisoning exploit. Cyvers, a security platform, posted on X, and on-chain detective ZachXBT also confirm this major loss.

Address poisoning is a sneaky technique where scammers mimic the first and last six characters of a real wallet address and then count on the sender to miss the difference in the middle characters. Wallet addresses can be up to 42 characters long.

So, in this situation, the scammer pretended to be the victim by mimicking a 0.05 Ethereum (ETH) transaction. Then managed to receive a whopping 1,155 WBTC from the unsuspecting victim.

#CertiKInsight 🚨

Our system has detected a transfer of 1,155 WBTC (~$69.3m) to an address linked to address poisoning

EOA 0xd9A1 mimicked a transfer of 0.05 ETH which led the victim to send the funds to the wrong address

Stolen funds are here https://t.co/m2xpJW0QIZ pic.twitter.com/PWFhEsEN2G

— CertiK Alert (@CertiKAlert) May 3, 2024

Tough Blow for Crypto Enthusiasts 

It has been a conundrum in the crypto world over the years. According to Forbes, in the first quarter of 2022, it was estimated that $ 1.91 billion was lost to crypto hacks.

In 2023, crypto investors suffered a massive loss of $2 billion due to hacks, scams, and exploits in the Decentralized Finance (DeFi) sector. As if that wasn’t enough, an additional $333 million was stolen in just the first quarter of this year.

Prisma Finance, a non-custodial and decentralized finance platform, got hit by a major crypto hack earlier this year and suffered a mind-blowing loss of $9 million as reported by TheCoinRise.

Different Methods of Crypto Scam Exploitation 

It is heartbreaking to see how many crypto networks, investors, and users have been hit hard by massive losses due to crypto scam, hacks, attacks, and other illegal activities.

According to a report from PeckShield, a blockchain security and analytics firm, the attackers took advantage of a vulnerability in Prisma Finance’s smart contracts, which allowed the scammer to drain funds from the protocol. The attack on the firm is just the latest in a string of crypto hacks.

In the recent North Korea crypto scandal, researchers have confirmed that hackers are frequently compromising customers’ private keys or seed phrases. They then transfer the money to wallets controlled by The Democratic People’s Republic of Korea and exchange it for Tron (TRX) or Tether (USDT).

In the Nirvana hacked funds case, the culprit used some seriously complicated tactics like token-swap transactions, moving the fraudulent money across various blockchain networks.

He converted funds into privacy-focused cryptocurrencies like Monero, using overseas crypto exchanges, and even employing cryptocurrency mixers like Samourai Whirlpool.