Crypto Scammer Gets Away with $1.2M in ARB Tokens Through ‘Address Poisoning’ Attack – Here’s What Happened
A hacker has made off with $1.2 million worth of ARB tokens through a relatively new type of cyber-attack that uses modified wallet addresses to steal funds.
Blockchain data shows that one crypto address has been stealing funds from Arbitrum users. So far, the attacker has scammed out over 600 different crypto wallets for more than 930,000 ARB tokens, worth over $1.2 million at current rates.
The transfer of funds started on March 24, a day after Arbitrum, a popular Ethereum layer-2 scaling solution, carried out its highly-anticipated airdrop. ARB is the native governance token behind the L2 network.
The transfers took place using a contract whose creator is tagged as “Fake_Phishing18” on Arbitrum’s blockchain explorer. This suggests that users who have lost their tokens should have interacted with the malicious contract by clicking a phishing link.
A number of crypto users have revealed on Twitter that they have fallen victim to the attack. “Lost 7250 arb token to the hacker. Which is currently worth 10,000$ at time of tweet,” one user said.
Ethereum smart contract developer Brainsy has also previously warned about a malicious contract created by “Fake_Phishing18.” On March 24, they said that interacting with the contract creates an additional transaction request that appears as if it’s from the sender’s wallet but instead is a phishing attack.
“When I make a send the fake contract also makes a “transaction” that appears like its from my wallet. I assume to get me to interact with the contract,” they said at the time.
Damn they're getting people pic.twitter.com/T7AUHM5uZr— Brainsy (@BrainsyEth) March 24, 2023
What is “Address Poisoning” and Why is it on the Rise?
This type of hack, which has gained popularity among hackers more recently, is referred to “address poisoning” and basically capitalizes on user carelessness and haste.
During this type of hack, an attacker attempts to steal funds from a cryptocurrency wallet by modifying the wallet’s address.
In early January, MetaMask warned that “address poisoning” attacks are on the rise. At the time, the Web3 wallet developer said hackers try to use an address with the same first and last few characters as the real transaction “in hopes you will not check the full address, and instead copy theirs in a future txn.”
“You can protect yourself by double-checking the full address, or by using the Address Book feature,” MetaMask said at the time.
Meanwhile, on-chain analyst Lookonchain has reported that a fake ARB token has seen over $24,000 in transaction volume on the decentralized exchange (DEX) Uniswap. The blockchain investigator advised the community to be careful when trading ARB.
Please confirm whether the contract address is correct before trading $ARB!— Lookonchain (@lookonchain) March 23, 2023
A scammer created fake tokens of the same name as $ARB and generated $24.48k in volume on #Uniswap.
The correct address of $ARB: 0x912CE59144191C1204E64559FE8253a0e49E6548https://t.co/qvmcEz82Oh pic.twitter.com/47qvaePkXQ
As reported, Arbitrum token claims started on March 23. According to data from Nansen, around 520,000 addresses have claimed almost 1 billion ARB tokens as of press time. This means that only 110,000 addresses are yet to claim their tokens from the eligible 625,143.
According to data by CoinMarkCap, ARB is currently trading at $1.33, almost flat over the past day. However, the coin is down by almost 90% compared to its all-time high of around $11.80.