Crypto scammers successfully stole a whopping 1,155 wrapped Bitcoin using a technique that tricks users into malicious transactions.
According to blockchain security provider CertiK, a crypto user lost over $69.3 million in wrapped Bitcoin (WBTC) to an address-poisoning attack on May 3. At first, the attacker mirrored a 0.05 Ethereum (ETH) transfer before stealing the WBTC in the next transaction.
#CertiKInsight 🚨Our system has detected a transfer of 1,155 WBTC (~$69.3m) to an address linked to address poisoningEOA 0xd9A1 mimicked a transfer of 0.05 ETH which led the victim to send the funds to the wrong addressStolen funds are here https://t.co/m2xpJW0QIZ pic.twitter.com/PWFhEsEN2G
— CertiK Alert (@CertiKAlert) May 3, 2024
You might also like: DefiLlama: Crypto hacks comprise $7.7b in losses since 2016
On-chain investigator ZachXBT and crypto security provider Cyvers corroborated the news. Cyvers CTO Meir Dolev said the case was “probably the highest value lost due to an address poisoning scam” to date.
In an address poisoning scam, victims are presented with a similar wallet address and deceived into transferring assets to an exploiter. The malicious address usually imitates the four to six characters at the beginning and end of an address.
Users fall prey to this method as the differences are sometimes hard to spot, especially since wallet addresses may exceed 40 alpha-numeric characters in some cases.
The incident has already eclipsed the proceeds from exploits and scams throughout the last month, which amounted to about $25.7 million in digital assets. CertiK also noted that April saw the lowest defi scam levels seen since 2021.
Read more: Losses from crypto hacks drop 67% to $60m in April