Two crypto users lost $12.25 million and $50 million after copying incorrect wallet addresses.
In January, a crypto user lost $12.25 million by copying the wrong wallet address. Also in December, another lost $50 million in a similar manner.
According to the popular Web3 security solution Scam Sniffer, the two incidents cost a combined $62 million.
Crypto blunders
The number of typical phishing attacks also increased in January. In fact, Scam Sniffer found that $6.27 million was stolen from 4,741 victims, which is a 207% increase from December. The largest cases included $3.02 million from SLVon and XAUt via permit/increaseAllowance, and $1.08 million from aEthLBTC via permit.
Two wallets alone were responsible for 65% of all phishing losses.
Address poisoning is a scam in which attackers send small transactions from wallet addresses that closely resemble real addresses, hoping that users will copy the wrong address from their transaction history. This can lead to money being accidentally sent directly to scammers. Signature phishing further increases the risk by tricking users into signing malicious approvals that give attackers permission to transfer funds later. As such, these tactics rely on social engineering and human error, and can leave even power users vulnerable.
In November last year, a crypto holder lost more than $3 million worth of PYTH tokens after accidentally sending money to a scammer’s wallet. The error occurred when the victim copied a fake deposit address from his transaction history.
Blockchain analysts at Lookonchain said the attacker created a lookalike address that matched the first four characters of the real wallet and sent a small SOL transaction to appear legitimate. The victim later transferred 7 million PYTH tokens without fully verifying the address and fell victim to an address poisoning attack. The stock transferred was worth approximately $3.08 million at the time.
You might also like:
Coordinated Multisig scam attempt
Amid the increasing frequency of such attacks, non-custodial wallet Safe, formerly known as Gnosis Safe, is also issued a warning to its users about a large-scale address poisoning and social engineering campaign targeting multisig wallets. According to the platform, attackers created thousands of similar secure addresses to trick users into sending money to the wrong destination. It revealed that the incident was not a protocol exploit, infrastructure breach or a smart contract vulnerability.
Safe has identified approximately 5,000 malicious addresses, which have now been flagged and removed from the Safe Wallet interface to reduce the risk of accidental fund transfers.
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
#Wallet #Flaws #Phishing #Attacks #Cost #Crypto #Users #Million