يبدو أن تسميم العناوين هو عملية احتيال بسيطة، ومع ذلك يمكن أن تؤثر حتى على مستخدمي العملات المشفرة ذوي الخبرة. اكتشفت تشيناليسيس ما يصل إلى ٨٢ ألف محفظة مرتبطة بحملة تستهدف المستخدمين ذوي الأرصدة العالية.
يستمر التسمم بالمعالجة كواحد من أكثر الهجمات شيوعًا ولكن فعالة. تكشف سلاسل الكتل العامة عن محافظ بها أرصدة trac ، وتستهدفها الروبوتات، على أمل الخلط بين الهجمات التكنولوجية والخطأ البشري. تم إنشاء العناوين المسمومة في فترة زمنية قصيرة، لكن الخسائر الشخصية تحدث عدة مرات، بمجرد أن تصبح الضحية نشطة مرة أخرى على السلسلة. في اليوم الماضي، تم تسجيل خسارة واحدة بقيمة 57000 دولار بسبب عنوان مسموم تم نسخه من سجل المعاملات.
🚨💔 منذ 42 دقيقة، خسر أحد الضحايا 57000 دولار عن طريق نسخ عنوان خاطئ من سجل معاملات ملوث.
ملحوظة: لا تقم أبدًا بنسخ العناوين من سجل المعاملات. 🚫📋 pic.twitter.com/ypjn8iMOcO
- حل حماية العقدة. (@NodeGuard_Pro) 23 أكتوبر 2024
Chainalysis has tracked down 82K wallets tied to attempts at poisoning by posting fake zero-value tokens. The address poisoning scam is also similar to the zero-value token attack, though with the added generation of a confusing address. Tools for poisoned address attacks are also distributed on darknet markets.
The attack depends on users not verifying their addresses closely enough, by issuing similar digits at the beginning and end of the address. The attack hinges on crypto user habits of only checking the first and last four digits of an address.
Some of the most common fake tokens or zero-sum transactions involve USDT, TRX, or MATIC, or a faked version of the token. A part of the transactions also copy the amount previously used, creating a similar-looking wallet entry. Others send entirely new tokens as an airdrop. The wallet itself is not hacked in this type of attack, and there is no risk to the funds when receiving seeding transactions.
Poisoned address scams may target even small balances, but this type of attack was behind one of the biggest losses in 2024. Poisoned addresses managed to drain $68M Wrapped BTC (WBTC) from a single wallet.
In this case, the exploiter later returned the funds, after earning $3M due to the appreciation of BTC at that time. The victim contacted the exploiter through Ethereum micro-transactions with messages attached, leading to a full refund three days later.
Poisoned addresses still spread on Ethereum
The large-scale heist helped Chainalysis discover more poisoned addresses. A total of eight wallets were responsible for launching the fake addresses during a campaign-like, concentrated event.
Chainalysis discovered a total of 82,031 spoofed addresses, which resemble legitimate counterparties. The newly created poisoned addresses were close to 1% of all new Ethereum wallets launched in a similar time period.
The network of poisoned addresses managed to scam more experienced users with a higher wallet balance. A total of 2,774 wallets sent funds to the faked addresses, diverting a total of $69.72M. The wallets contained up to $338K, though most held smaller sums of $1,000. What was also common is that the victims were usually active traders and Ethereum users.
The wide network of poisoned addresses had a relatively small success. Of the wallets targeted, 756 caught the scam with a test transaction or a smaller sum under $100. The transactions sometimes even spoofed the victim’s own wallets. In that case, owning a human-readable ENS address could mitigate the risk.
Similar campaigns have ran on Binance Smart Chain, with the Binance team now flagging zero-value transactions and spoof addresses. Reports of Toncoin (TON) poisoned addresses have also surfaced, with 0 TON transactions as the bait.
Scammers launder funds through DeFi and exchanges
While the biggest $68M haul was not laundered efficiently, smaller sums could be disguised and liquidated. Scammers used DeFi protocols, then centralized exchanges to both clear their tracks and swap the initial funds.
Some of the exchanges involved in the scam were no-KYC markets in Eastern Europe, with less stringent regulations on the origin of funds. The transfers to an exchange were the last leg of the destination, after mixing the funds through DeFi protocols and decentralized markets.
Campaigns of seeding wallets are usually short, but can have outsized earnings. Block explorers have started flagging the fake transactions, so users can check their history before sending funds.