Surge in Cryptocurrency Theft
In a startling surge, more than $1.6 million has been siphoned off from unsuspecting cryptocurrency users this past week through address poisoning attacks, eclipsing the total losses from the previous month of March. According to the cryptocurrency fraud prevention service, ScamSniffer, the most significant incident occurred on Friday when a single user inadvertently transferred 140 Ether, equivalent to roughly $636,500, to a fraudulent address that had infiltrated their transaction history due to a simple copy-paste error.
Details of the Incident
The ScamSniffer team elaborated on the incident, revealing that the user fell prey to a deceptive scheme known as address poisoning.
“The victim sent 140 ETH to an address that looked authentic, which was intentionally inserted into his transaction history. Given the numerous poisoned addresses in his history, it was only a matter of time before he became a target,”
they explained.
Additional Losses Reported
Additional reports highlighted that another individual incurred a staggering loss of $880,000 on Sunday alone, with smaller amounts of $80,000 and $62,000 also recorded from separate victims. Cointelegraph, utilizing alerts from cybersecurity entities, confirmed that the total damages from these deceitful operations since the weekend have far surpassed the $1.2 million lost in the entire month of March due to similar schemes.
Understanding Address Poisoning
Address poisoning works by infecting the victim’s transaction history with small amounts sent from fake wallet addresses that closely imitate genuine ones. In essence, as Web3 Antivirus points out, this tactic—termed “transaction history poisoning”—tricks users into copying fraudulent addresses for future transactions. This deceptive behavior was further substantiated by ScamSniffer, stating,
“Scammers execute small transfers to mimic real addresses, thereby setting a trap as users inadvertently copy from their transaction history.”
Other Notable Losses
In addition to the significant address poisoning thefts, another $600,000 was lost this week by victims who mistakenly approved malicious signatures containing terms such as “approve,” “increaseAllowance,” and “permit.” A notable case included a victim losing $165,000 in BLOCK and DOLO tokens after signing a harmful transaction.
Importance of Vigilance
ScamSniffer reiterated the importance of vigilance, underscoring the need for users to either maintain an address book or whitelist and to verify the complete address before executing any transactions.
