As reported by The Defiant, an unsuspecting user lost $69 million in WBTC by sending funds to an address associated with an address pollution attack.
Web3 cybersecurity firm Certik alerted the malicious transaction early Friday morning. According to Certik's X account, the attacker pretended to transfer 0.05 ETH (about $150), causing the victim to send funds to the wrong address.
Address pollution occurs when an attacker sends junk transactions to an address to confuse unwary users. Instead of sending funds to a legitimate wallet address, the user will copy the fraudulent address, which usually starts and ends with the same six digits.
Hackers can learn the addresses associated with users’ exchange accounts through regular payments and other transaction flows.
Anonymous Officer, who worked as a threat researcher at Web3 cybersecurity firm ImmuneFi, said these types of attacks are very common, but usually have a low success rate.
According to Etherscan data, after the attack, the attackers moved the funds across eight different transactions. According to Officer, many users are lazy in their operations in the cryptocurrency field.
“A lot of people have a bad habit of blindly copying the last address from their transaction history for security reasons,” he said. Hackers take advantage of this behavior by sending small amounts of cryptocurrency from similar addresses.
How to defend against such attacks?
"Don't trust your clipboard, especially considering the existence of malware with almost the same scheme (often targeting the clipboard), check all numbers one by one and add popular addresses to the allow list (if possible)," he warned.
According to a new report from Web3 security firm ImmuneFi, hackers stole $336 million in cryptocurrency in the first quarter of 2024, a 23% drop from the same period last year.
