Safe Wallet Scammer Steals $2M Through 'Address Poisoning' in One Week

Crypto Hacker Strikes

A crypto hacker specializing in "address poisoning attacks" has stolen over $2 million from Safe Wallet users in just one week, with the total number of victims now at 21.

Increasing Losses

Between November 26 and December 3, around ten Safe Wallets lost $2.05 million to address poisoning attacks, according to Scam Sniffer, a web3 scam detection platform. Over the past four months, the same attacker has reportedly stolen at least $5 million from approximately 21 victims.

How Address Poisoning Works

Address poisoning involves creating a similar-looking address to the one a victim regularly sends funds to, often using the same beginning and ending characters. The attacker then sends a small amount of cryptocurrency from the fake address to the target, "poisoning" their transaction history. An unwitting victim may then mistakenly copy the look-alike address from their transaction history and unknowingly send funds to the hacker's wallet instead of the intended destination.

Previous Attacks

In a high-profile attack on November 30, the same attacker targeted real-world asset lending protocol Florence Finance, resulting in a loss of $1.45 million in USDC. Blockchain security firm PeckShield reported the incident and highlighted how the attacker tricked the protocol by using similar addresses.

Abusing Ethereum's 'Create2' Function

Scam Sniffer previously reported that hackers have been exploiting Ethereum's 'Create2' Solidity function to bypass wallet security alerts. This method has allowed them to steal around $60 million from nearly 100,000 victims over six months. Address poisoning has been one of the tactics used to accumulate these illicit gains.

Should Crypto Projects Negotiate with Hackers?

In light of these attacks, the question arises: should crypto projects ever negotiate with hackers? The answer is likely no.

For more information on address poisoning attacks in crypto and how to avoid them, click here.