Exploiter Steals $68M Worth of Crypto Through Address Poisoning
-
A user unintentionally sent 1,155 wrapped bitcoin to an exploiter’s wallet after being targeted by address poisoning.
-
The scam has been confirmed by various blockchain security firms.
00:59
Running With Crypto: 5 Questions With TRM Labs’ Ari Redbord
09:43
Hacks Involving North Korea Are ‘Even Greater Problem’: Legal Experts
02:01
Breaking Down the State of Hacking in 2024
00:59
Crypto Hack Volumes Fell by More Than 50% in 2023: TRM Labs
A cryptocurrency user has lost $68 million worth of wrapped bitcoin (WBTC) after falling victim to an address poisoning exploit, according to blockchain security firm CertiK.
Address poisoning is a technique that involves tricking the victim into sending a legitimate transaction to the wrong wallet address by mimicking the first and last six characters of the true wallet address and depending on the sender to miss the discrepancy in the intervening characters. Wallet addresses can be as long as 42 characters.
In this case, the exploiter mimicked a 0.05 ether (ETH) transaction before receiving 1,155 WBTC from the victim.
Security platform Cyvers and blockchain sleuth ZachXBT confirmed that $68 million had been lost to an address poisoning scam.
Crypto investors lost $2 billion to hacks, scams and exploits across decentralized finance (DeFi) in 2023 and an additional $333 million was stolen in the first quarter.
Edited by Sheldon Reback.
