Scammers have reportedly stolen around $1.45 million worth of USDC from the real-world asset (RWA) lending project Florence Finance.
Crypto projects are regularly drained of significant funds by attacks that need no smart-contract exploit at all. One such technique is address poisoning.
How Florence Finance Lost 1.45 Million USDC to Phishing Attackers
Web3 security platform Cyvers told BeInCrypto that Florence Finance has potentially lost over $1.45 million in the stablecoin USDC. The screenshot below shows that the RWA lending project sent over 1,456,162 USDC to the phisher’s wallet – 0xB087.
The attack happened through address poisoning, a common phishing technique in the crypto realm. Meir Dolev, co-founder and CTO of Cyvers, told BeInCrypto:
“Address Poisoning involves the creation of a wallet address that closely resembles a legitimate address that a user might frequently use. The attacker generates these addresses by modifying a few characters of the original address.
“When a user transacts cryptocurrencies and relies on autofill features or quick glances at their address book, they might accidentally select the fraudulent, look-alike address. As a result, the funds are sent to the attacker’s wallet instead of the intended recipient. This method relies heavily on human error and the difficulty in distinguishing between similar-looking wallet addresses.”
The Florence Finance address poisoning attack happened in three steps, according to Dolev:
- The victim sent USDC to some legitimate address (normal activity).
- Scammers then poisoned the victim's transaction history by sending worthless look-alike tokens that appear as transfers from the victim's address, in the same amount, to a scammer-controlled destination address that closely resembles the legitimate one.
- The victim later copied the scammer's look-alike address from that history and sent real tokens, such as USDT or USDC, to it.
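The three steps above, modelled as an added example (this is constructed illustration code, not Cyvers' or Florence Finance's tooling; every address, token contract and amount in it is a made-up placeholder, not the real wallets from the incident). The point it shows: a history view that trusts the `from` field of an ERC-20 Transfer log is exactly what the poisoner controls, because a fake token contract can emit a log claiming the victim as sender. A wallet should build its "recent recipients" list only from transactions the owner actually signed through token contracts it trusts, and should flag any pasted address that shares a prefix and suffix with a trusted one but differs in the middle. The 4-character prefix/suffix window is an assumption; tune it to how your wallet truncates addresses.

```python
"""Address-poisoning guard: constructed example, not Florence Finance or Cyvers code."""
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def normalize(addr):
    """Validate a 20-byte hex address and lower-case it for comparison."""
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()


# Constructed addresses (assumptions; none are the real wallets from the incident).
VICTIM = normalize("0xF1" + "0" * 37 + "e")
LEGIT = normalize("0xAbCd" + "0" * 32 + "1234")       # the intended recipient
LOOKALIKE = normalize("0xAbCd" + "1" * 32 + "1234")   # same 4-char prefix and suffix
ATTACKER = normalize("0xBad" + "0" * 36 + "1")
USDC = normalize("0xC0ffee" + "0" * 34)               # hypothetical trusted token contract
FAKE_TOKEN = normalize("0xFa4e" + "0" * 36)           # attacker-deployed token contract

# Constructed on-chain history: each record is one ERC-20 Transfer log plus the
# account that actually signed the transaction which emitted it.
EVENTS = [
    # Step 1: the victim really sends USDC to the legitimate address.
    {"tx_sender": VICTIM, "token": USDC, "from": VICTIM, "to": LEGIT, "amount": 1_456_162},
    # Step 2: the attacker's fake token emits a Transfer log whose `from` is forged
    # as the victim and whose `to` is the look-alike. The attacker signed this tx.
    {"tx_sender": ATTACKER, "token": FAKE_TOKEN, "from": VICTIM, "to": LOOKALIKE, "amount": 1_456_162},
]


def naive_recent_recipients(events, owner):
    """What a history view shows if it trusts the Transfer log's `from` field."""
    return {e["to"] for e in events if e["from"] == owner}


def trusted_recipients(events, owner, trusted_tokens):
    """Only transfers the owner signed, through token contracts it trusts."""
    return {e["to"] for e in events
            if e["tx_sender"] == owner and e["token"] in trusted_tokens}


def lookalike_of(candidate, known, prefix=4, suffix=4):
    """Return the known address that `candidate` mimics (same leading and trailing
    hex digits, different body), or None if it mimics nothing in `known`."""
    c = normalize(candidate)[2:]
    for k in known:
        kh = normalize(k)[2:]
        if c != kh and c[:prefix] == kh[:prefix] and c[-suffix:] == kh[-suffix:]:
            return "0x" + kh
    return None


def check_recipient(candidate, trusted):
    """Classify a pasted or autofilled destination before the user signs (step 3)."""
    c = normalize(candidate)
    trusted = {normalize(t) for t in trusted}
    if c in trusted:
        return "trusted", c
    mimicked = lookalike_of(c, trusted)
    if mimicked:
        return "lookalike", mimicked
    return "unknown", c


if __name__ == "__main__":
    print("naive history   :", naive_recent_recipients(EVENTS, VICTIM))
    print("trusted history :", trusted_recipients(EVENTS, VICTIM, {USDC}))
    print("check look-alike:", check_recipient(LOOKALIKE, {LEGIT}))
```

Run as-is, the naive history contains both the legitimate address and the look-alike, while the trusted history contains only the legitimate one, and `check_recipient` refuses to treat the look-alike as known even though its truncated form is identical.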
Scammers Bridged Funds to THORChain
The phishing wallet 0xB087 then sent the funds to another wallet, 0x18d8, which then transferred the funds to 0x88E2. As of writing, 0x88E2 has been bridging the funds to THORChain after converting them to Ethereum (ETH).
Although the suspicious transactions happened on Tuesday, Florence Finance has yet to post on X (Twitter) to inform the community about the incident.
“Our investigation reveals that the attack was a well-orchestrated phishing scheme. Such attacks highlight the need for heightened vigilance and sophisticated security measures in the digital finance sector.”
Dolev also told BeInCrypto that Cyvers is working with Florence Finance to strengthen its security procedures and prevent future phishing incidents.
Indeed, heightened security measures are becoming increasingly necessary as attacks draining millions are a regular occurrence in the Web3 industry. For instance, last week, the decentralized exchange (DEX) aggregator KyberSwap lost over $45 million to hackers.