Hacker Drains Over $2 Million from Safe Wallet: What’s Going On?
A malicious actor has stolen over $2 million from Safe Wallet users in the past week through address poisoning, raising the total victim count to 21.
Several blockchain security firms have tracked suspicious activity across different transactions, with losses from Safe Wallet totaling $2 million.
On Dec 3, cryptocurrency scam detection platform Scam Sniffer wrote on X (formerly Twitter) that about 20 wallets have lost $2.05 million in the past week to address poisoning attacks, adding that the same attacker was responsible for draining $5 million from 21 users in the last four months.
about ~10 Safe wallets have lost $2.05 million to "address poisoning" attacks in the past week.
the same attacker has stolen $5 million from ~21 victims in the past four months so far. pic.twitter.com/fu4kxaI3py
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 3, 2023
Dune Analytics also reported the development from Scam Sniffer, posting the affected wallets and the time range of the stolen assets, with the source pointing to address poisoning.
Address poisoning is an old tactic that bad actors use to deceive users into sending assets to the wrong wallet. The attacker creates an address that closely resembles one the victim uses, usually with the same starting and ending characters.
The scammer then “poisons” the victim’s transaction history by regularly sending funds of nearly the same amounts to the destination wallet, hoping the victim will copy the scammer’s address from the transaction history and send new funds to it.
Florence Finance saga
Last week, Scam Sniffer also reported another case of address poisoning, in which a bad actor carted away $1.5 million worth of assets. Florence Finance is reported to have sent the funds from Safe Wallet to the address that contaminated the transfer history.
In the calculated move, the malicious actor deployed a contaminated address generated by create2, then converted the assets to DAI after taking hold of them to prevent a freeze.
This type of incident has occurred previously: Scam Sniffer reported that SlowMist shared a similar transaction involving create3, with asset losses of $1.66 million.
According to the blockchain security firm, the last four digits of the wallet addresses shown in the transaction history UI are closely related, which led the victim to copy the wrong address.
It was also pointed out that one user was quite lucky: the wallet was seen to hold $10 million in total assets, but only $400,000 was lost to the address poisoning.
Users to take extra caution to change the tide
In recent years, there has been a surge in cryptocurrency scams, causing millions in losses, weakened investor confidence, and more regulatory scrutiny.
While hackers deploy a range of tactics to drain virtual asset platforms, some incidents can be prevented or reduced through proper monitoring and added checks by the platform and its users.
Platforms can send a reminder each time a transfer is made to a new wallet, while users should rely on something other than transaction history and always cross-validate the address.
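The two safeguards above (a reminder on transfers to a new wallet, and cross-validation against something other than the transaction history) can be combined into one pre-send check that also catches the matching first-and-last-characters trick described earlier. The Python below is an added example, not code from Safe Wallet or Scam Sniffer; the function names, the address book and every address in it are constructed for illustration.

```python
from __future__ import annotations

HEX = set("0123456789abcdef")

def normalize(addr: str) -> str:
    """Lower-case a 0x-prefixed 20-byte hex address, rejecting anything else."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def truncated(addr: str, n: int = 4) -> str:
    """Render an address the way a compact history view does: 0x52c1...d4f7."""
    a = normalize(addr)
    return f"{a[:2 + n]}...{a[-n:]}"

def check_recipient(candidate: str, trusted: dict[str, str], n: int = 4):
    """Classify a recipient before a transfer is signed.

    Returns (verdict, label):
      "known"     exact match with a trusted entry
      "lookalike" not trusted, but shares the first and last n hex characters
                  of a trusted entry, so it looks identical when truncated
      "new"       unrelated to every trusted entry; ask the user to confirm
    """
    cand = normalize(candidate)
    book = {normalize(a): label for a, label in trusted.items()}
    if cand in book:
        return "known", book[cand]
    for addr, label in book.items():
        if truncated(addr, n) == truncated(cand, n):
            return "lookalike", label
    return "new", None

# Constructed sample values, not real wallets.
TREASURY = "0x52C1a8E03bf47D9960e4B1c2D7A85f3E9b60D4f7"
POISON = "0x52c1f09d4e7a2b6c8d3e5f1a0b9c7d6e4f32d4f7"
UNRELATED = "0x9a3b0c4d1e5f2a6b3c7d4e8f5a9b6c0d7e1f8a2b"
BOOK = {TREASURY: "treasury"}  # hypothetical address book kept outside the history

if __name__ == "__main__":
    for addr in (TREASURY, POISON, UNRELATED):
        verdict, label = check_recipient(addr, BOOK)
        print(f"{truncated(addr)}  {verdict:9}  {label or '-'}")
```

A "lookalike" verdict should block the transfer until the full address has been compared character by character; a "new" verdict corresponds to the reminder prompt.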