Home>BLOCKCHAIN>Secure Pockets scammer steals $2M by way of ‘handle poisoning’ in a single week

Secure Pockets scammer steals $2M by way of ‘handle poisoning’ in a single week


A crypto hacker specializing in “handle poisoning assaults” has managed to steal over $2 million from Secure Pockets customers alone previously week, with its complete sufferer depend now reaching 21. 

On Dec. 3, Web3 rip-off detection platform Rip-off Sniffer reported that round ten Secure Wallets misplaced $2.05 million to address poisoning attacks since Nov. 26.

In response to Dune Analytics information compiled by Rip-off Sniffer, the identical attacker has reportedly stolen no less than $5 million from round 21 victims previously 4 months.

Rip-off Sniffer, reported that one of many victims even held $10 million in crypto in a Secure Pockets, however “fortunately” solely misplaced $400,000 of it. 

Handle poisoning is when an attacker creates a similar-looking handle to the one a focused sufferer recurrently sends funds to — normally utilizing the identical starting and ending characters.

The hacker typically sends a small quantity of crypto from te newly-created pockets to the goal to “poison” their transaction historical past. An unwitting sufferer might then mistakingly copy the look-alike handle from transaction historical past and ship funds to the hacker’s pockets as an alternative of the supposed vacation spot.

Cointelegraph has reached out to Secure Pockets for touch upon the matter.

A latest high-profile handle poisoning assault seemingly carried out by the identical attacker occurred on Nov. 30 when real-world asset lending protocol Florence Finance misplaced $1.45 million in USDC.

On the time, blockchain safety agency PeckShield, which reported the incident, confirmed how the attacker might have been capable of trick the protocol, with each the poison and actual handle starting with “0xB087” and ending with “5870.”

In November, Rip-off Sniffer reported that hackers have been abusing Ethereum’s ‘Create2’ Solidity operate to bypass pockets safety alerts. This has led to Pockets Drainers stealing round $60 million from nearly 100,000 victims over six months, it famous. Handle poisoning has been one of many strategies they used to build up their ill-gotten positive factors.

Associated: What are address poisoning attacks in crypto and how to avoid them?

Create2 pre-calculates contract addresses, enabling malicious actors to generate new related pockets addresses that are then deployed after the sufferer authorizes a bogus signature or switch request.

In response to the safety crew at SlowMist, a bunch has been utilizing Create2 since August to “constantly steal practically $3 million in property from 11 victims, with one sufferer shedding as much as $1.6 million.”

Journal: Should crypto projects ever negotiate with hackers? Probably