Quick take:

  • Leading Web3 security firms CertiK and Cyvers and crypto sleuth ZackXBT confirmed the exploit.

  • Address poisoning exploits trick victims into sending cryptocurrency to the wrong address by mimicking the first and the last six characters of the actual address.

  • They rely on the victim failing to notice the discrepancies in the characters in between.

A cryptocurrency user has been exploited for $69 million by a scammer, leading blockchain security firms have confirmed. The exploiter used an address poisoning attack to trick the victim into sending 1,155 wrapped bitcoins to the wrong address.

#CertiKInsight Our system has detected a transfer of 1,155 WBTC (~$69.3m) to an address linked to address poisoning. EOA 0xd9A1 mimicked a transfer of 0.05 ETH which led the victim to send the funds to the wrong address. Stolen funds are here https://t.co/m2xpJW0QIZ pic.twitter.com/PWFhEsEN2G

— CertiK Alert (@CertiKAlert) May 3, 2024

Web3 security firms CertiK and Cyvers and crypto sleuth ZackXBT have since confirmed the exploit.

ALERT Are we mistaken, or has someone truly lost $68M worth of $WBTC? Our system has detected another address falling victim to address poisoning, losing 1155 $WBTC. Victim: https://t.co/5NKlOFnepJ Address poisoner: https://t.co/R6fF0QipBH Poison transaction:… pic.twitter.com/UpG34ZcZvY

— Cyvers Alerts (@CyversAlerts) May 3, 2024

Address poisoning involves mimicking the first and the last six characters of the actual address, and hoping that the sender will not notice the discrepancies in the characters in between.

In the reported case, the exploiter mimicked a 0.05 ether (ETH) transaction before receiving 1,155 WBTC from the victim.
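A wallet-side check for the lookalike pattern described above, as an added example that is not part of the original article. The function names, the default threshold of four matching hex digits at each end (chosen so that "six characters" is caught whether or not the `0x` prefix is counted) and all addresses are assumptions constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def normalize(addr):
    """Validate a 0x-prefixed 20-byte hex address; return its 40 hex digits in lower case."""
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not an address: {addr!r}")
    return addr[2:].lower()

def shared_ends(a, b):
    """Lengths of the common prefix and common suffix of two normalized addresses."""
    pre = next((i for i in range(40) if a[i] != b[i]), 40)
    suf = next((i for i in range(40) if a[-1 - i] != b[-1 - i]), 40)
    return pre, suf

def check_destination(dest, trusted, min_match=4):
    """Classify dest against an address book: 'trusted', 'lookalike' or 'unknown'."""
    d = normalize(dest)
    book = [(t, normalize(t)) for t in trusted]
    for original, t in book:
        if t == d:  # exact match over all 40 digits, not just the visible ends
            return "trusted", original
    for original, t in book:
        pre, suf = shared_ends(d, t)
        if pre >= min_match and suf >= min_match:
            return "lookalike", original  # same ends, different middle
    return "unknown", None

def poisoned_entries(history, trusted, min_match=4):
    """History rows whose counterparty imitates a trusted address."""
    return [row for row in history
            if check_destination(row["counterparty"], trusted, min_match)[0] == "lookalike"]

# Constructed sample data (not real addresses or transactions).
GENUINE = "0xAbC123" + "1" * 28 + "9f8E7d"
LOOKALIKE = "0xabc123" + "2" * 28 + "9f8e7d"
UNRELATED = "0x" + "5" * 40
HISTORY = [
    {"counterparty": GENUINE, "value": "0.05"},
    {"counterparty": LOOKALIKE, "value": "0.05"},
    {"counterparty": UNRELATED, "value": "3.2"},
]

if __name__ == "__main__":
    for row in HISTORY:
        print(row["counterparty"], check_destination(row["counterparty"], [GENUINE]))
```

A "lookalike" result is the case to block or escalate: the destination shares both ends with an address the user already trusts but is not that address.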

This scam takes place hot on the heels of last month’s $45 million exploit of token infrastructure protocol Hedgey Finance, as revealed by Cyvers.

It also comes at a time when Web3 companies are beginning to tighten their security systems on the back of the $2 billion lost to hacks, scams and exploits across decentralized finance (DeFi) in 2023.

Although this year seems to be tracking for a significantly lower figure, reports indicate the industry has already lost $333 million during the first quarter.

Earlier this week, Resonance Security, a full-spectrum cybersecurity firm for both Web2 and Web3, secured $1.5 million in pre-seed funding from Arca, Web3 venture firm Fabric VC and Blockchain Founders Fund, again demonstrating how serious companies are about raising security levels in Web3.


The post Crypto User Exploited For $69M Through Address Poisoning appeared first on NFTgators.