Ethereum User Loses Nearly $700K to Rising Address Poisoning Scam

An Ethereum user lost $700,000 to an address poisoning scam, highlighting the dangers of careless address verification. Scammers create fraudulent addresses similar to legitimate ones, tricking users into sending funds. Experts recommend multi-step verification processes and thorough checks to avoid falling victim to these scams, which are alarmingly on the rise.

An Ethereum user has experienced a staggering loss of nearly $700,000 in USDT following a sophisticated address poisoning scam over the weekend. This incident raises alarms as experts highlight the increasing prevalence of such scams. Vigilance is crucial; users must ensure they meticulously verify the addresses before transferring any funds.

So, what is this address poisoning exactly? Essentially, scammers create a fake address that closely resembles one the victim has previously used. To execute the scam, the attacker sends a small amount of cryptocurrency to the victim’s wallet, making it challenging for the user to distinguish between the legitimate and fraudulent addresses. A pseudonymous analyst known as 0xToolman explained how subtle the differences can be; for example, an authentic address of 0x11223344556677889900 could lead to a counterfeit address like 0x1122aaaaaaaaaaaaaa9900, causing confusion.

On Sunday, the scamming con artist sent a transaction of zero USDT from a cleverly deceptive wallet designed to look like a legitimate Binance wallet, which the victim had recently interacted with. PeckShield, a security firm, indicated that the victim likely recognised the fraudulent address from their transaction history, mistakenly trusting it because of a recent successful small transfer.

The scammers leverage advanced software to churn out thousands of imitation wallet addresses, making use of popular platforms like Binance for their ruses. “It’s all automated. They employ a spray-and-pray technique,” says Hakan Unal, a senior blockchain scientist at Cyvers. “Even if a mere 0.1% of targets fall for it, scoring one high-value wallet makes it worthwhile.” This exploit led to the victim sending an eye-watering 699,990 USDT to the scammer’s account.

After collecting the funds, the scammer acted swiftly; according to blockchain investigative firm AMLBot, they converted the USDT into DAI. A key reason for this conversion is DAI’s status as a decentralised stablecoin — unlike Tether, DAI cannot freeze funds associated with suspicious activities. The perpetrators have since laundered the stolen money through multiple wallets, further complicating the recovery process.

Scams of this type seem to be on the rise, with Cyvers reporting a single trader’s loss of over $70 million last year, the largest known instance of address poisoning to date. Furthermore, just last Friday, another victim lost $467,000 worth of DAI in a similar scam.

To mitigate potential losses, experts urge crypto users to exercise extra caution when sending funds. “Always double-check wallet addresses before initiating transfers,” a spokesperson for PeckShield advises. They stress the importance of full address visibility, recommending comprehensive character validation when copying addresses. Furthermore, they suggest cross-referencing transactions on explorers like Etherscan to confirm legitimacy and, crucially, not to rely on addresses from unverified sources or history.