Here’s How Scammers Are Evolving Their Techniques in Address Poisoning Attacks
Scammers have been upping their game and are now utilizing actual funds in their address poisoning attacks. This alarming development was brought to the public’s attention through a post on X by Cyvers Alerts, a platform dedicated to raising awareness about online threats.
Crypto users have become the prime targets of this new phishing scam, as scammers are now sending real Ethereum (ETH) to deceive unsuspecting victims. The initial warning post on X stated, “Beware of a new phishing scam targeting #crypto users! Scammers are now sending real $ETH to trick you.”
The scammers rely on users inadvertently copying a fake address, employing a tactic similar to address poisoning. Additionally, they might also send counterfeit Tether (USDT) tokens to further dupe users into sending funds to the wrong address.
In a subsequent post, Cyvers Alerts highlighted a specific incident involving a victim who received a small amount of Ethereum in what appeared to be a test transaction. Unbeknownst to the victim, the scammer had inserted their fake address into the victim’s transaction history. Consequently, the victim unintentionally copied the scammer’s address and sent 17 ETH worth $47.6K, resulting in substantial financial loss.
Another user on X, Catakor, shared a similar incident where a user lost one million USDT. The user received a million USDT from their Kraken account and performed a “test deposit” to confirm the funds were sent to the correct account. However, a scammer had created a deceptive transfer of USDT from the user’s wallet to an address closely resembling the one associated with the Kraken account. The user unknowingly copied the last “sent” transaction, leading to the loss of up to one million USDT. The scammer swiftly converted the stolen USDT to ETH and transferred them to another wallet, where they remain stored.
Address poisoning is a scam that targets the common practice of copying and pasting wallet addresses in cryptocurrency transactions. Scammers use a ‘vanity’ address generator to create an address that closely resembles the victim’s. They then initiate a transaction of minimal value from this fabricated account. If the victim mistakenly pastes the scammer’s address, the funds end up being sent to the scammer instead of the intended recipient. This sophisticated tactic demonstrates scammers’ ongoing efforts to exploit unsuspecting individuals in the cryptocurrency ecosystem.