Crypto Investor Loses Over $12 Million in Ethereum to ‘Address Poisoning’ Scam
Summary
A cryptocurrency investor lost approximately $12.4 million worth of Ethereum to an “address poisoning” attack. The scam involved the attacker monitoring the victim’s transactions for over two months to identify an OTC deposit address, then creating a fraudulent address that closely resembled the legitimate one. By using vanity address generation software, the attacker crafted a look-alike address with the same starting and ending characters. The attacker then “dusted” the victim’s wallet with a small transaction to ensure the fake address appeared prominently in their transaction history. The victim inadvertently copied the poisoned address when attempting to move the funds. This incident is the second major theft of this kind in recent weeks, following a $50 million loss in a similar scheme last month. Experts suggest that wallet interfaces truncating addresses contribute to the problem, and recommend using verified address books instead of relying on transaction history.
(Source: BeInCrypto)
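The verified-address-book check recommended above, as an added example that is not from the source article or any wallet's code: it compares a recipient against the full trusted address and flags history entries that match only at the ends. The function names, the four-character truncation width and all sample addresses are assumptions constructed for illustration.

```python
HEX = set("0123456789abcdef")
VISIBLE = 4  # assumption: hex characters a truncating wallet UI shows at each end

def normalize(addr):
    """Lower-case an Ethereum address and validate its shape (0x + 40 hex chars)."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return a

def shared_ends(a, b):
    """Count the leading and trailing hex characters two addresses have in common."""
    a, b = normalize(a)[2:], normalize(b)[2:]
    pre = next((i for i in range(40) if a[i] != b[i]), 40)
    suf = next((i for i in range(40) if a[-1 - i] != b[-1 - i]), 40)
    return pre, suf

def check_recipient(candidate, address_book, visible=VISIBLE):
    """Classify a recipient as 'verified', 'lookalike' or 'unknown' against the book."""
    cand = normalize(candidate)
    for label, trusted in address_book.items():
        if normalize(trusted) == cand:
            return ("verified", label)
    for label, trusted in address_book.items():
        pre, suf = shared_ends(cand, trusted)
        if pre >= visible and suf >= visible:
            return ("lookalike", label)  # same when truncated, different in full
    return ("unknown", None)

def scan_history(history, address_book):
    """Return history entries whose counterparty imitates an address-book entry."""
    return [(txid, addr) for txid, addr, _ in history
            if check_recipient(addr, address_book)[0] == "lookalike"]

# Constructed sample data (not real addresses or transactions).
OTC = "0x" + "a1b2" + "3" * 32 + "c4d5"
LOOKALIKE = "0x" + "a1b2" + "9" * 32 + "c4d5"
UNRELATED = "0x" + "f" * 40
BOOK = {"OTC desk": OTC}
HISTORY = [("tx1", OTC, 250.0), ("tx2", LOOKALIKE, 0.00001), ("tx3", UNRELATED, 1.5)]

if __name__ == "__main__":
    for txid, addr in scan_history(HISTORY, BOOK):
        print(f"{txid}: {addr} imitates a verified address; do not copy it")
```

Comparison is done on the lower-cased form, so a mixed-case checksummed rendering of a trusted address still matches as verified.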