The early months of 2024 seemed relatively calm compared to previous periods, as there were fewer instances of rug pulls, scams, and bridge exploits. However, a new method of diverting funds has emerged and is impacting larger wallets.
This new exploit, known as address poisoning, tricks users into sending funds to an attacker-controlled wallet instead of the intended destination. DeFi users and decentralized traders are the primary targets of this attack.
The most recent heist targeted Wrapped BTC on the Ethereum Blockchain and resulted in an estimated loss of $68M to $71M due to fluctuating market prices.
The most dangerous aspect of address poisoning is that all the addresses involved are valid and usable. Typically, attackers inject the exploit address into a user’s transaction history through microtransactions.
Subsequently, the user may unknowingly copy and paste the Ethereum address without verifying its authenticity, assuming it belongs to an exchange or another wallet. Ultimately, the success of this exploit relies on human error and the failure to thoroughly check the address.
Advocates for human-readable identities have suggested that ENS names could alleviate the issue of comparing address strings. However, checking only the first and last four characters of an address is not sufficient to prevent funds from being sent to the wrong destination, since those are exactly the characters an attacker can match.
In the current exploit, attacks do not involve the copy-paste function directly but instead rely on users overlooking the injected address in their wallet’s transaction history. Another form of a poisoned address attack is more sophisticated and involves compromising a wallet that generates private keys already known to the attacker.
The latest large-scale attack has been perpetrated by multiple social media personas who impersonate the real victim. The wallet’s actual owner has not come forward in a credible manner, leading to several individuals claiming to be the rightful owner as a means to promote their tokens or NFTs.
Researcher @Zachxbt remains skeptical and vigilant regarding new scammers taking advantage of this high-profile exploit. Fake giveaways, NFT airdrops, and solicitation of donations through a fake address are among the tactics employed by these impersonators.
It is worth noting that not all blockchain transactions are irreversible. The wallet owner has attempted to reach out to the hackers, offering a 10% commission in exchange for the return of the funds. Depending on the protocol, there may also be a possibility of returning wrapped BTC through block validators.
Currently, there is no evidence of the funds being moved to another location.
Some skeptics view the recent heist as engagement farming or an attempt to attract social media attention. However, there is insufficient evidence to identify the wallet’s owner, despite various claims from individuals purporting to be the affected party.
Interestingly, the funds from the exploit ended up in a wallet cluster that has been linked to previous token thefts. This wallet cluster has drawn attention and suspicion for possible fake phishing activities. Notably, the funds have not been sent to a mixer, decentralized protocol, or laundered through NFTs.
The current exploit bears resemblance to the “dust phishing” scam, which has been prevalent for over a year. The attackers employ a similar approach by sending small transactions to wealthy wallets, tricking the recipients into believing the funds are coming from legitimate sources.
In some cases, the attacker manages to generate an address that closely resembles the recipient’s address, even matching the first and last four digits. To avoid falling victim to this scam, it is advisable to avoid copying and pasting addresses from transaction histories and instead obtain the address from a trusted source each time.
Unfortunately, the Ethereum network and its token standard cannot prevent dust transactions, and not all malicious addresses can be flagged.
Developers are working on solutions, including wallets that can compare random parts of an address’s digits and letters. This would help prevent reliance solely on verifying characters at the beginning and end of an address. Additionally, visual representations of addresses are being explored as an alternative to dealing with long, unreadable strings.
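As an added illustration of the wallet-side check described above (example code written for this article, not code from any wallet or project), the following flags entries in a transfer history whose counterparty matches an address-book entry on the first and last four characters but is not that address, which is precisely what a prefix/suffix glance cannot catch. The `Transfer` record, the address-book labels and the sample addresses are all constructed assumptions.

```python
import re
from dataclasses import dataclass

HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")


def normalize(addr: str) -> str:
    """Validate the 20-byte hex shape and lower-case it so comparisons ignore EIP-55 casing."""
    if not HEX_ADDR.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()


def is_lookalike(candidate: str, trusted: str, edge: int = 4) -> bool:
    """True when candidate matches trusted on the first and last `edge` hex
    characters (after 0x) but is a different address; an exact match is not a lookalike."""
    c, t = normalize(candidate), normalize(trusted)
    if c == t:
        return False
    return c[2:2 + edge] == t[2:2 + edge] and c[-edge:] == t[-edge:]


def mismatch_positions(a: str, b: str) -> list:
    """Character offsets where two addresses differ; for a poisoned address these sit in the middle."""
    a, b = normalize(a), normalize(b)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


@dataclass(frozen=True)
class Transfer:  # constructed record shape, not a real wallet API
    counterparty: str
    value_wei: int
    direction: str  # "in" or "out"


def flag_poisoned_history(history, address_book, dust_threshold_wei=10**15):
    """Return (counterparty, trusted_label, kind) for every transfer whose counterparty
    is a lookalike of an address-book entry. Tiny inbound transfers are the injection
    step; an outbound transfer to a lookalike means funds already went to the wrong place."""
    findings = []
    for tx in history:
        for label, trusted in address_book.items():
            if not is_lookalike(tx.counterparty, trusted):
                continue
            if tx.direction == "in" and tx.value_wei <= dust_threshold_wei:
                kind = "dust_injection"
            elif tx.direction == "out":
                kind = "funds_sent_to_lookalike"
            else:
                kind = "suspicious"
            findings.append((tx.counterparty, label, kind))
    return findings
```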