Victims lost $71 million in WBTC due to address poisoning attacks.

Someone lost $71 million worth of Wrapped Bitcoin (WBTC) in what appears to be an address poisoning attack.

According to on-chain transfers from the Etherscan blockchain explorer, the victim transferred 1,155 WBTC ($71.1 million) to the attacker.

This is an attack in which a hacker creates a wallet address similar to the victim’s wallet address through a vanity address service or address mining and sends numerous transactions to the victim as spam. If a victim accidentally copies the hacker’s fake address, they will be transferring funds to the hacker rather than their own.

The hacker’s address was later flagged as “fake” and “phishing” on the Ethereum blockchain explorer Etherscan.

Wrapped Bitcoin is an ERC token pegged 1:1 to Bitcoin for use in the Ethereum ecosystem. According to the block price page, WBTC was trading at $61,644.23 at 11:13 AM (UTC 15:13) on May 3, up 3.95% at $2,338 in the last 24 hours.

The basics of poisoning attacks

Attackers often mimic several of the first and last numbers in wallet addresses that people often see when sending funds.

Changpeng ‘CZ’ Zhao, former CEO of Binance, explained after the August 2023 security incident that such attacks can be deceptively effective.

“Now fraudsters are so adept that they create addresses with the same starting and ending characters that most people see when making cryptocurrency transfers,” Zhao said. wrote On social media at the time. “In fact, many wallets hide the middle part of the address with ‘…’ to make the UI look nice. Fraudsters then use this address to send dust transactions to make the address appear in the wallet.”

“Now, if you want to send to a legitimate address, just select one of the previous transactions in your wallet and copy the address. You can also copy the wrong address,” Zhao continued. “This happened to an experienced cryptocurrency operator yesterday.”

Zhao added that the operator in the August incident discovered the fraudulent transaction and stopped the fund transfer in a timely manner.

Disclaimer: The Block is an independent media outlet delivering news, research and data. As of November 2023, Foresight Ventures is a majority investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information about the cryptocurrency industry. Below are our current financial disclosures.

© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.