A victim has lost 4,556 ETH (~$12.4M) to an address-poisoning attack.

The attacker had been dusting the victim’s wallet with a look-alike address mimicking the victim’s OTC deposit address for over two months. The recent dusting occurred ~32 hours before the loss, after which the victim mistakenly sent funds to the spoofed address.

A similar attack using this same method resulted in a $50M loss just two months ago.

Victim:

0xd6741220a947941bF290799811FcDCeA8AE4A7Da

Look-alike (poisoned) address:

0x6d9052b2DF589De00324127fe2707eb34e592e48

Attacker:

0x49a21FC945312C6fB4f8C6C4D224E74A5B96e9DF