See More

Real-World Lending Project Florence Finance Suffers $1.45 Million Phishing Attack

3 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • Scammers have stolen $1.45 million in USDC from the real-world asset lending project, Florence Finance, via a phishing attack.
  • The Florence Finance attack involved address poisoning, a common phishing technique where a fraudulent, similar-looking address is used.
  • Co-founder and CEO of Cyvers, Deddy Lavid, has emphasized the need for heightened security measures in the digital finance sector.
  • promo

Scammers have reportedly stolen around $1.45 million worth of USDC from the real-world asset (RWA) lending project Florence Finance.

Crypto projects are often vulnerable to sophisticated attacks, draining significant amounts of funds. One such technique is address poisoning.

How Florence Finance Lost 1.45 Million USDC to Phishing Attackers

Web3 security platform Cyvers told BeInCrypto that Florence Finance has potentially lost over $1.45 million in the stablecoin USDC. The screenshot below shows that the RWA lending project sent over 1,456,162 USDC to the phisher’s wallet – 0xB087

Hackers Stole Over $1.45 Million From Florence Finance
Scammers Stole Over $1.45 Million From Florence Finance. Source: Etherscan

The attack happened through address poisoning, which is a common phishing technique in the crypto realm. Meir Dolev, the co-founder and CTO of Cyvers told BeInCrypto:

“Address Poisoning involves the creation of a wallet address that closely resembles a legitimate address that a user might frequently use. The attacker generates these addresses by modifying a few characters of the original address.

“When a user transacts cryptocurrencies and relies on autofill features or quick glances at their address book, they might accidentally select the fraudulent, look-alike address. As a result, the funds are sent to the attacker’s wallet instead of the intended recipient. This method relies heavily on human error and the difficulty in distinguishing between similar-looking wallet addresses.”

The Florence Finance address poisoning attack happened in three steps, according to Dolev:

  1. The victim sent USDC to some legitimate address (normal activity).
  2. Scammers poisoned the victim’s address by sending fake tokens from the victim’s address with the same amount and to a very similar destination address (hash of scammer address) like the legit one.
  3. The victim accidentally copied the scammer’s address and sent them real tokens like USDT or USDC
Screenshot from Etherscan illustrating attack in three steps
Screenshot from Etherscan illustrating the attack in three steps. Source: Cyvers

Scammers Bridged Funds to THORChain

The phishing wallet 0xB087 then sent the funds to another wallet, 0x18d8, which then transferred the funds to 0x88E2. As of writing, 0x88E2 has been bridging the funds to THORChain after converting them to Ethereum (ETH).

While the suspicious transactions happened on Tuesday, Florence Finance has yet to make a post on X (Twitter), informing the community about the incident.

Read more: DeFi Community Building: A Step-by-Step Guide

Hackers Bridged Funds to THORChain
Scammers Bridged Funds to THORChain. Source: Etherscan

Deddy Lavid, co-founder, and CEO at Cyvers believes that there is a need for greater security measures. He said:

“Our investigation reveals that the attack was a well-orchestrated phishing scheme. Such attacks highlight the need for heightened vigilance and sophisticated security measures in the digital finance sector.”

Moreover, Dolev told BeInCrypto that they are working with Florence Finance to enhance their security protocols and prevent future phishing incidents. 

Indeed, heightened security measures are becoming increasingly necessary as attacks draining millions are a regular occurrence in the Web3 industry. For instance, last week, the decentralized exchange (DEX) aggregator KyberSwap lost over $45 million to hackers.

Also, hackers stole over $100 million from Justin Sun’s HECO chain and crypto exchange HTX.

Read more: RWA Tokenization: A Look at Security and Trust

Do you have anything to say about the Florence Finance address poisoning attack or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or X (Twitter).

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.

Top crypto platforms in the US | February 2024



In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Harsh Notariya
Harsh Notariya excels in delivering SEO-optimized crypto news under tight deadlines. Previously, as a Growth Marketer at Sporty and a Community Consultant at Totality Corp, he significantly boosted community engagement and followers. Harsh also crafted engaging content for top crypto influencer Shivam Chhuneja, blending meme references for an educational yet fun experience. His versatile skills make him a notable figure in crypto journalism.