The unfortunate incident involving the whale losing 1,155 WBTC ($71M) to a phishing attack on May 3 sheds light on the importance of vigilance and thorough address verification in cryptocurrency transactions.
Here's how the incident unfolded:👇
Initial Purchase:
Following a market drop on May 2, the whale spent 29.6M DAI to purchase 502 WBTC at $58,951.
Creating a New Address:
On May 4, the whale created a new address and conducted a test transaction by transferring 0.05 ETH.
Phishing Attack:
The attacker had pre-generated phishing addresses and monitored users' on-chain activities. When the whale initiated a transfer, the attacker swiftly transferred 0 ETH to the whale using a phishing address with visually similar starting and ending letters.
Mistaken Transfer:
Mistakenly relying on the visually similar address, the whale transferred 1,155 WBTC ($71M) to the phishing address instead of the intended new address.
Immediate Conversion and Laundering:
Upon receiving the funds, the attacker promptly converted the 1,155 WBTC into 22,960 ETH, potentially for money laundering purposes.
Attempted Communication and Tracking:
The whale attempted to negotiate with the attacker, offering a bounty, but received no response. Security companies tracked the attacker's IPs, potentially from Hong Kong.
Resolution:
Following increased scrutiny and tracking, the attacker eventually returned all the funds to the whale.
Lessons Learned:
Thorough Address Verification: When making transfers, especially large ones, carefully verify the entire address, not just the first and last letters, to prevent falling victim to phishing attacks.
Address Book Usage: Consider saving trusted addresses in your address book and copying addresses from there instead of relying solely on transaction history.
Enable Security Features: Utilize features like small transaction filtering in wallets to help filter out potential phishing transactions.
Vigilance and cautiousness remain paramount in navigating the cryptocurrency space to safeguard against such unfortunate incidents.