The cryptocurrency investor lost 4,556 Ethereum, worth about 12.4 million dollars, after falling victim to a carefully planned “address poisoning” attack.
Specter, a blockchain analyst operating under a pseudonym, reported that the theft occurred about 32 hours after the attacker had “dusting” the victim's wallet with a nominal transfer.
How a fake, lookalike address cost an Ethereum holder millions of dollars
According to Specter's blockchain analysis, the attacker monitored the victim's transaction activity for two months. During this time, the hacker specifically identified the deposit address used for OTC transactions.
The attacker used a vanity address generation program to create a wallet that resembled the real one. The fraudulent address started and ended with exactly the same characters as the victim's intended target address.
Address poisoning is based on the fact that users generally only check the beginning and end of a long hexadecimal address. In this case, the fraudulent address and the genuine OTC address looked completely identical at a glance.
The attacker first made a small move to the victim's wallet, which was a deliberate way to activate the user's transaction log. Thus, the distorted address rose prominently to the top of the 'latest events' history.
Based on this blurred list, the victim accidentally copied the poisoned address instead of the correct source while trying to transfer 12,4 million dollars.
This case was already the second major theft of over eight-digit sums through this attack method in recent weeks. Last month, another crypto trader lost around 50 million dollars in a nearly identical scam.
Industry players believe that the number of these attacks is increasing as wallet interfaces shorten addresses to save screen space. As a result, the middle parts of addresses, where the differences lie, remain hidden.
Meanwhile, this case raises serious questions about the institutional investors' verification protocols.
Retail investors often rely on copying and pasting addresses, but entities transferring large sums typically use strict lists of approved addresses and test transfers.
Blockchain security company Scam Sniffer has urged investors to refrain from using transaction history for repeated crypto payments. To ensure security, it is recommended to use verified, permanent address books to prevent interface imitation from posing a threat.