Crypto hacker has escalated their assault on digital finances, siphoning off a staggering $2 million from Safe Wallet users within just a week. Scam Sniffer, a Web3 scam detection platform, revealed that since November 26, about ten wallets have been compromised via a deceptive method known as address poisoning.
The hacker’s strategy involves creating wallet addresses that closely mimic those of their targets, tricking users into sending crypto to the wrong recipient. These attacks have been particularly effective, with the perpetrator amassing at least $5 million from 21 victims over the last four months. One user, who had a fortune of $10 million in their Safe Wallet, narrowly escaped a complete loss, yet still faced a significant $400,000 theft.
The method exploits the transaction history, where the victim might inadvertently copy the fraudulent address for future transactions. This type of attack came into the spotlight on November 30 when Florence Finance was defrauded of $1.45 million in USDC, due to an address starting and ending with the digits “0xB087” and “5870” respectively.
Further complicating the issue, hackers have been manipulating Ethereum’s ‘Create2’ function to craft addresses that evade security measures, contributing to a broader crisis where Wallet Drainers have appropriated roughly $60 million from victims. SlowMist, a cybersecurity team, has identified a group that has been utilizing this function since August to divert nearly $3 million from unsuspecting users.
