Poisoned Wallet Address Loses $70 Million in ‘Very Suspicious’ WBTC Transaction

A fake transaction led a user to send 1,155 WBTC to the wrong address.

By: Pedro Solimano Loading...

 the image of a cryptocurrency hack in a minimalistic design with neon colors

An unsuspecting user lost $69 million in WBTC today after sending the funds to an address linked with an attack known as address poisoning.

Web3 cybersecurity firm Certik first alerted of the malicious transaction early Friday morning. The attacker mimicked a transfer of 0.05 ETH, or $150, which led the victim to send the funds to the wrong address, according to Certik’s X account.

Poisoning addresses refers to attackers sending spam transactions to an address in order to confuse inattentive users. Users then copy the fraudulent address–which usually begins and ends with the same six digits– instead of sending funds to a legitimate wallet address.

Hackers can know an address linked to a user’s exchange account because of recurring payments and other transaction flows.

Low Success Rate

The pseudonymous Officer, a threat researcher formerly of the Web3 cybersecurity firm ImmuneFi, told The Defiant that these types of attacks are very common but usually have a low success rate.

According to Etherscan, after the attack, the perpetrator moved the funds in eight separate transactions.

According to Officer, many users are lazy when operating in the crypto space.

“A lot of people have a bad habit of blind copying the last address from their transaction history, just to be sure,” he said. Hackers take advantage of this behavior by sending small sums of crypto from similar-looking addresses.

Triple Check

How to counter such attacks?

“Don't trust Clipboard especially given the fact that malware with almost the same scheme exists (it usually targets a clipboard), check all digits one by one and add hot addresses to the allow list (if possible),” he warned.

Exploits have been on a negative curve during 2024.

Hackers stole $336 million in crypto in the first quarter this year, a 23% drop from the same time last year, according to the latest report by Web3 security firm ImmuneFi.