A cryptocurrency investor has lost 4,556 Ethereum, valued at approximately $12.4 million, after falling victim to a sophisticated “address poisoning” attack.
Specter, a pseudonymous blockchain analyst, reported that the theft occurred roughly 32 hours after the attacker “dusted” the victim’s wallet with a nominal transaction.
How a Fake Look-Alike Address Cost an Ethereum Holder Millions
According to Specter’s on-chain analysis, the attacker spent two months monitoring the victim’s transaction activity. During this period, the hacker specifically identified a deposit address used for OTC settlements.
SponsoredThe attacker employed vanity address generation software to engineer a look-alike wallet. This fraudulent address shared the exact same starting and ending alphanumeric characters as the victim’s intended destination.
Address poisoning relies on the user’s tendency to check only the first and last few characters of a long hexadecimal string. In this instance, the fraudulent address and the legitimate OTC address appeared identical at a glance.
The attacker first initiated a minor transaction to the victim’s wallet, a tactic designed to populate the user’s activity log. This strategic move ensured the corrupted address appeared prominently at the top of the “recent transactions” history.
Relying on this compromised list, the victim inadvertently copied the poisoned address rather than the legitimate source when attempting to move the $12.4 million.
This incident marks the second major eight-figure theft via this specific vector in recent weeks. Last month, a separate crypto trader lost approximately $50 million in a nearly identical scheme.
Industry stakeholders argue that these attacks are proliferating because wallet interfaces often truncate addresses to save screen space. This design choice effectively hides the middle characters where the discrepancies lie.
Meanwhile, this breach raises serious questions regarding verification protocols among institutional-grade investors.
While retail traders often rely on copy-pasting addresses, entities moving millions typically employ strict whitelisting procedures and test transactions.
Consequently, blockchain security firm Scam Sniffer has urged investors to abandon reliance on transaction history for recurring crypto payments. Instead, they recommend utilizing verified, hard-coded address books to mitigate the risk of interface spoofing.
