- April 21, 2023
- Posted by: [email protected]
- Category:
In a brazen display of cyber thievery, a hacker has managed to abscond with a jaw-dropping $1.2 million worth of ARB tokens. What makes this heist particularly alarming is the novel approach employed by the attacker – cunningly altering a wallet’s address, luring victims into sending funds to a fraudulent destination. This type of attack, known as “address poisoning”, capitalizes on the vulnerabilities of unsuspecting users who may overlook important details in their rush to transact.
This insidious cyber-attack preys on user carelessness and haste, and is considered a scourge in the world of cryptocurrencies. Analysis of blockchain data has revealed that a single crypto address has been systematically pilfering funds from over 600 different Arbitrum users, making off with more than 930,000 ARB tokens.
The transfer of funds, totalling a staggering $1.2 million worth of ARB tokens, began just a day after Arbitrum’s much-anticipated airdrop. Intriguingly, the culprit behind this brazen cyber-attack is a contract creator known as “Fake_Phishing18,” a glaring red flag in Arbitrum’s blockchain explorer. This revelation points to a troubling possibility – victims of the scam may have fallen prey to a phishing link, unwittingly interacting with malicious contract.
The aftermath of the heist has left a trail of distraught crypto users taking to twitter to share their heart breaking stories. With losses totalling in the thousands of dollars, victims are reeling from the devastating impact of falling prey to the attacker’s cunning scheme. A user lamented, “Lost 7250 ARB tokens to the hacker. Which is currently worth 10,000$ at the time of tweet.“
As MetaMask, a leading Web3 wallet developer, had warned in early January, the menace of “address poisoning” attacks is on the rise. The attackers prey on the human tendency to overlook small details, manipulating wallet addresses to bear striking similarities to legitimate ones, with only slight variations in the first and last few characters. To safeguard against this growing threat, users are advised to exercise caution by double-checking the complete address and remaining vigilant when transacting.
