1. Home
  2. Address poisoning

Address poisoning

Hacker Returns Nearly All of $68,000,000 Worth of Crypto Stolen From Whale Wallet: On-Chain Data

Hacker Returns Nearly All of ,000,000 Worth of Crypto Stolen From Whale Wallet: On-Chain Data

A hacker who managed to steal nearly $70 million in crypto from a whale has returned almost everything, according to on-chain data. Earlier this month, a hacker successfully phished a whale using what’s known as an “address poisoning” scheme. The scheme involves sending someone a small amount of crypto with an address that looks similar […]

The post Hacker Returns Nearly All of $68,000,000 Worth of Crypto Stolen From Whale Wallet: On-Chain Data appeared first on The Daily Hodl.

MicroStrategy completes $3 billion convertible notes offering to buy more Bitcoin

DEA gets duped: Agency loses $55K in address poisoning scam

The DEA, the country's lead drug enforcement agency, is yet to find those responsible for the attack but has enlisted the help of the FBI.

The United States Drug Enforcement Administration (DEA) — the agency tasked with enforcing the country’s drug laws — lost $55,000 in seized Tether (USDT) earlier this year at the hands of a scammer.

Forbes reported on Aug. 24 that in May, the agency seized over $500,000 worth of USDT from two Binance accounts it suspected of laundering money from drug sales as part of a multi-year investigation.

The funds were put in DEA-controlled Trezor crypto wallets and stored securely, according to a search warrant seen by Forbes. As part of standard forfeiture processing the DEA sent a test amount of just over $45 worth of USDT to the U.S. Marshals Service.

An on-chain sleuth picked up on the transaction and then quickly set up a crypto wallet with the same first five and last four characters of the Marshals account — a scam tactic known as “address poisoning.”

The scammer airdropped a token to the DEA’s wallet so that the spoofed address will appear as a recent transaction, and thus tricking the owner into accidentally transferring funds to the wrong address.

The tactic worked against the DEA agent, who sent over $55,000 to the scammer.

By the time the Marshals noticed and alerted the DEA who in turn asked Tether to freeze the funds it was too late.

The USDT had already been swapped for Ether (ETH) and Bitcoin (BTC) and then shifted to different crypto wallets.

Related: SEC charges former corrections officer with role in bizarre crypto scam

The DEA alongside the FBI is investigating the incident and is yet to find whose behind the attack. All they’ve found so far are two Binance accounts that paid for the attacker wallet gas fees which used two Gmail email addresses to sign up.

It's hoped Google has some information that can be used to nab the owner of the Gmail accounts.

The DEA did not immediately respond to a request for comment.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story

MicroStrategy completes $3 billion convertible notes offering to buy more Bitcoin

Scam alert: MetaMask warns crypto users about address poisoning

The scammers will use wallet addresses generated from vanity address generators and match the first and last characters of their victim’s wallet address.

A new crypto wallet address scam that tries to take advantage of user carelessness has been on the rise, according to the MetaMask team. 

In an announcement, digital wallet provider MetaMask warned users of an “address poisoning scam,” where attackers “poison” transaction histories by sending users tokens worth $0 to their wallets. The scammers will use wallet addresses generated from vanity address generators and match the first and last characters of their victim’s wallet address. This gets unsuspecting users to send their funds to the wrong copycat address.

While the attempt would not give the hackers access to user wallets, people who may have gotten into the habit of copying their wallet address from the transaction history before sending digital asset balances could potentially send their funds to copycat addresses. 

Related: Nomad exploit wallet address transfers $1.5M to Tornado Cash

Because of this, the wallet provider warned users to always be careful and double-check their transactions before sending their balances. The firm highlighted that it would be best to check every single character of the wallet address to ensure the funds are sent to the correct wallet.

Cast your vote now!

Apart from this, the firm recommended that users stop copying wallet addresses from their transaction histories and use their address book when sending digital assets.

MicroStrategy completes $3 billion convertible notes offering to buy more Bitcoin