en
Back to the list

Here’s How Scammers Have Improved Their Tactics in Address Poisoning Attacks

source-logo  cryptopotato.com 16 February 2024 23:53, UTC

Scammers have taken their tactics to the next level and are now using real funds in address poisoning attacks.

A recent incident where a victim lost nearly $50k was brought to light through a post on X by Cyvers Alerts, a platform dedicated to raising awareness about online threats.

Crypto Users Targeted with Real ETH

An initial post warned of the new phishing scam targeting crypto users, stating, “Beware of a new phishing scam targeting #crypto users! Scammers are now sending real $ETH to trick you.”

🚨ALERT🚨Beware of a new phishing scam targeting #crypto users! Scammers are now sending real $ETH to trick you. 🕵️‍♂️

They expect you to accidentally copy a scam address. Similar to address poisoning, they might also send fake $USDT. If you send funds to this wrong address, you’ll… pic.twitter.com/8EKxixgVTG

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) January 15, 2024

It was further emphasized that these bad actors rely on users mistakenly copying a scam address, a tactic similar to address poisoning. These fraudsters may also send counterfeit Tether (USDT) tokens, tricking users into sending funds to the wrong address and falling prey to their scam.

In a follow-up post, Cyvers Alerts pointed to an incident of such a scam. The victim fell prey after receiving a negligible amount of Ethereum in what appeared to be a test transaction.

Unknown to them, the scammer had placed their fake address in the victim’s transaction history. Subsequently, the victim copied the scammer’s address and sent 17 ETH worth $47.6K, resulting in a significant financial loss.

User Loses 1 Million USDT

Another X user named Catakor has highlighted a recent similar incident that saw a user lose a million USDT. Through a thread, they narrated how the user received a million from their Kraken account and conducted a “test deposit” to confirm the funds went to the correct account.

However, a scammer had created a fake transfer of USDT from the user’s wallet to an address closely resembling the one associated with the Kraken account. The user then unknowingly copied the last “sent” transaction, resulting in them losing up to a million USDT. The scammer then quickly converted the stolen USDT to ETH and transferred them to another wallet, where they are now stored.

Address poisoning is a scam that targets the common practice of copying and pasting wallet addresses in cryptocurrency transactions. The scammer uses a ‘vanity’ address generator to create one closely resembling the victim’s and sends a transaction of negligible value from this fake account. If the victim accidentally pastes the scammer’s address, they end up sending funds to the scammer instead of the intended recipient.

cryptopotato.com