On May 3, a whale suffered a very sophisticated phishing attack on the blockchain using the same first and last address, causing him to lose 1,155 WBTC worth about $70 million. This incident has aroused the community's concerns about blockchain security, especially the importance of phishing attacks.
The core of the attack is that hackers took advantage of several key points: first, they generated a large number of phishing addresses in advance, and after the user made a transfer, they quickly disguised the phishing addresses as addresses similar to the user's transaction records. Second, the hackers took the approach of tailing transactions, that is, shortly after the user completed the transfer, a tiny transaction was sent to the user's address, adding the phishing address to the user's transaction history. Finally, the user mistakenly transferred funds to the phishing address due to negligence or failure to carefully check the address.
Through MistTrack's tracking analysis, it was found that the hacker had exchanged the stolen WBTC for ETH and transferred the funds to at least 10 different addresses. This transfer pattern shows that the hacker may adopt a batch attack strategy rather than a single target.
SlowMist's threat intelligence network revealed a series of IP addresses related to the phishing incident. These IP addresses are located in Hong Kong and may be mobile base stations used by hackers. This discovery suggests that hackers have adopted more covert and anonymous means to carry out attacks.
Although the victim has posted a message on the chain, hoping that the hacker can return some of the funds, no response has been received so far.
In order to prevent similar phishing attacks, users can take some preventive measures, such as establishing a whitelist mechanism, turning on the small amount filtering function, carefully checking the correctness of the address, and conducting a small amount test before transferring. These measures can effectively protect users from the threat of phishing attacks.