Quick take:
- Leading Web3 security firms CertiK and Cyvers and crypto sleuth ZackXBT confirmed the exploit.
- Address poisoning exploits trick victims into sending cryptocurrency to the wrong address by mimicking the first and the last six characters of the actual address.
- They rely on the victim failing to notice the discrepancies in the characters in between.
A cryptocurrency user has been exploited for $69 million by a scammer, leading blockchain security firms have confirmed. The exploiter used an address poisoning attack to trick the victim into sending 1,155 wrapped bitcoins to the wrong address.
Web3 security firms CertiK and Cyvers and crypto sleuth ZackXBT have since confirmed the exploit.
Address poisoning involves mimicking the first and the last six characters of the actual address, and hoping that the sender will not notice the discrepancies in the characters in between.
In the reported case, the exploiter mimicked a 0.05 ether (ETH) transaction before receiving 1,155 WBTC from the victim.
This scam takes place hot on the heels of last month’s $45 million exploit of token infrastructure protocol Hedgey Finance, as revealed by Cyvers.
It also comes at a time when Web3 companies are beginning to tighten their security systems on the back of the $2 billion lost to hacks, scams and exploits across decentralized finance (DeFi) in 2023.
Although this year seems to tracking for s significantly lower figure, reports indicate the industry has already lost $333 million during the first quarter.
Earlier this week, Resonance Security, a full-spectrum cybersecurity firm for both Web2 and Web3 secured a $1.5 million pre-seed funding Arca, Web3 venture firm Fabric VC and Blockchain Founders Fund, again demonstrating how series companies are in raising the security levels in Web3.
Stay on top of things:
Subscribe to our newsletter using this link – we won’t spam!
