A cryptocurrency investor has fallen victim to an address poisoning attack, resulting in a staggering loss of $70 million worth of Wrapped Bitcoin (WBTC). The incident, which unfolded over the course of around six hours, has sent shockwaves through the cryptocurrency community.
According to a post by Lookonchain on the X, the unfortunate investor created a new address, “0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91,” and transferred a small amount of Ethereum (ETH), approximately 0.05 ETH, to this newly generated destination.
This observed behavior is common in the decentralized finance (DeFi) space, mainly due to the need for gas fees. Essentially, when cryptocurrency investors create new crypto wallet addresses, they need to fund them with the native token first to pay for future gas fees, in this case, Ether or ETH.
However, a scammer had been waiting unbeknownst to the investor, ready to strike at the opportune moment.
Address poisoning attack
The scammer, employing a technique known as address poisoning, generated an address that shared the same starting and ending letters as the investor’s new address. In a calculated move, the scammer transferred zero ETH to the investor, causing it to appear in the investor’s transaction history.
Many cryptocurrency wallets hide the middle portion of addresses with ellipses (“…”) to enhance user interface aesthetics. Therefore, when the investor attempted to transfer their 1,155 WBTC, valued at approximately $71 million, they inadvertently copied the scammer’s cleverly crafted address, believing it to be their own.
Notably, crypto users often only check the destination address by quickly glancing at the first and last four characters.
The devastating consequence of this mistake was the irreversible transfer of the investor’s WBTC holdings to the scammer’s address. The crypto community has expressed shock and disbelief at the magnitude of the loss, with many calling for increased awareness and education surrounding the risks associated with cryptocurrency transactions.
This incident underscores the critical importance of thoroughly verifying addresses before initiating any transfers, particularly when dealing with substantial sums of digital assets. As the cryptocurrency landscape continues to evolve, it is imperative that investors remain vigilant and stay abreast of the latest security measures and best practices to safeguard their investments.
