Crypto user loses $69.3m to address poisoning scammer
Crypto scammers successfully stole a whopping 1,155 wrapped Bitcoin using a technique that tricks users into malicious transactions.
According to blockchain security provider CertiK, a crypto user lost over $69.3 million in wrapped Bitcoin (WBTC) to an address-poisoning attack on May 3. At first, the attacker mirrored a 0.05 Ethereum (ETH) transfer before stealing the WBTC in the next transaction.
On-chain investigator ZachXBT and crypto security provider Cyvers corroborated the news. Cyvers CTO Meir Dolev said the case was “probably the highest value lost due to an address poisoning scam” to date.
In an address poisoning scam, victims are presented with a similar wallet address and deceived into transferring assets to an exploiter. The malicious address usually imitates the four to six characters at the beginning and end of an address.
Users fall prey to this method as the differences are sometimes hard to spot, especially since wallet addresses may exceed 40 alpha-numeric characters in some cases.
The incident has already eclipsed the proceeds from exploits and scams throughout the last month, which amounted to about $25.7 million in digital assets. CertiK also noted that April saw the lowest defi scam levels seen since 2021.