skip to Main Content
bitcoin
Bitcoin (BTC) $ 98,565.41 0.36%
ethereum
Ethereum (ETH) $ 3,351.49 1.03%
tether
Tether (USDT) $ 1.00 0.03%
solana
Solana (SOL) $ 261.94 0.09%
bnb
BNB (BNB) $ 647.98 2.01%
xrp
XRP (XRP) $ 1.52 10.17%
dogecoin
Dogecoin (DOGE) $ 0.457925 15.44%
usd-coin
USDC (USDC) $ 0.999984 0.05%
cardano
Cardano (ADA) $ 1.08 22.09%
staked-ether
Lido Staked Ether (STETH) $ 3,350.60 0.97%

RWA Protocol Florence Finance Loses $1.45M in Address Poisoning Attack

On Nov. 30, blockchain security firm PeckShield reported that Florence Finance had been attacked.

The protocol has reportedly lost $1.45 million in USDC in an attack called “address poisoning.” At the time of writing, there were very few details about the hack and nothing on the Florence Finance X (Twitter) feed or Telegram channel.

Address Poisoning

PeckShield reported that the transaction was sent to a phishing address instead of the intended address.

“This is an example of a scammer creating an address that resembles one to which the intended victim had previously sent funds.”

The addresses are very similar, with the same beginning and end characters used to dupe the victim into sending to it without paying attention to the full address.

The attackers use an address generator to create a nearly identical address to the target’s wallet address.

They will then send a tiny amount of crypto from the newly-created matching address wallet to the target’s wallet to poison the transaction history.

The victim then mistakingly copies the poisoned address from transaction history instead of its own records and sends money to the hacker’s wallet.

According to reports, malicious actors have been abusing Ethereum’s ‘Create2’ function to bypass wallet security alerts and poison addresses. This has led to the theft of around $60 million in crypto from almost 100,000 accounts in six months.

Florence Finance is an Arbitrum-based real-world asset DeFi lending protocol that enables users to borrow digital assets against their real-world collateral.

According to the documentation, it uses stablecoin commitments to fund loans to real-world businesses and distributes the real-world yield back to the stablecoin funders.

Big Month for DeFi Exploits

November has been a busy month for DeFi and crypto hackers. On Nov. 30, PeckShield also reported that the Uranium Finance attacker was moving funds.

According to the De.Fi Yield Rekt Database, millions in crypto assets have been lost this month to hacks and exploits.

These include KyberSwap losing $45 million in a flash loan attack on Nov. 23 and HTX losing $21 million in an access control exploit on Nov. 22.

Furthermore, Heco Bridge was exploited for $86 million this month, and Onyx Protocol lost $2 million in a flash loan attack.

The post RWA Protocol Florence Finance Loses $1.45M in Address Poisoning Attack appeared first on CryptoPotato.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top