Investigations revealed that a hacker used three vanity addresses for a poison attack, eventually stealing about $24 million.
Alex Swanevik, CEO of Nansen.AI, launched an investigation into a scam carried out through address poisoning. The findings revealed that the bad actor used three vanity addresses, similar to the victim’s address, to poison the wallet approximately three and a half hours before the hack, and then drained $23 million.
Hacker sends dust to get into victim’s transaction history
Swanevik’s X post read, “3.5 hours before the drain, three vanity addresses sharing a common ending pattern (…7d0e) sent dust to the victim’s wallet, inserting attacker-controlled addresses into the transaction history.”
By sending dust from addresses they control, the attackers appear in the victim’s transaction history. Once the scammers’ addresses show up there, the wallet or smart contract trusts them and treats them as legitimate participants.
After winning the wallet’s trust, the attacker gains the ability to initiate a transaction or manipulate the wallet logic, bypassing protection.
After accessing the funds, the attacker sent them through a crypto hub/relay. The attacker received 133 ETH and forwarded 133.04 ETH which was later drained.
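The pattern described above (dust arriving from several addresses that share an ending with an address the user already knows) can be checked mechanically. The following is an added example, not code from the article or from Nansen's investigation; the dust threshold, match length, function names and every sample address are assumptions constructed for illustration.

```python
from collections import defaultdict

DUST_WEI = 10**13   # assumed dust threshold (0.00001 ETH); tune per deployment
MATCH_LEN = 4       # hex characters compared at each end of an address

def make_addr(head, tail, fill):
    """Build a constructed 40-hex-character sample address (not a real one)."""
    return "0x" + head + fill * (40 - len(head) - len(tail)) + tail

def lookalike(candidate, known, n=MATCH_LEN):
    """True if candidate is a different address sharing known's first or last n hex chars."""
    c, k = candidate.lower()[2:], known.lower()[2:]
    return c != k and (c[:n] == k[:n] or c[-n:] == k[-n:])

def flag_poisoning(history, known_addresses, dust=DUST_WEI):
    """Group dust-sized inbound senders that imitate a known address, keyed by the sender's ending."""
    known = {a.lower() for a in known_addresses}
    clusters = defaultdict(list)
    for tx in history:
        sender = tx["from"].lower()
        if sender in known or tx["value_wei"] > dust:
            continue  # genuine counterparty, or too large to count as dust
        if any(lookalike(sender, k) for k in known):
            clusters[sender[-MATCH_LEN:]].append(sender)
    return dict(clusters)

# Constructed sample data: the wallet's own address and five inbound transfers.
VICTIM = make_addr("52a1", "7d0e", "c")
HISTORY = [
    {"from": make_addr("9f03", "7d0e", "1"), "value_wei": 1},
    {"from": make_addr("4be7", "7d0e", "2"), "value_wei": 0},
    {"from": make_addr("d118", "7d0e", "3"), "value_wei": 5},
    {"from": make_addr("77aa", "03c1", "4"), "value_wei": 2},           # dust, no resemblance
    {"from": make_addr("e0b5", "61f2", "5"), "value_wei": 3 * 10**18},  # ordinary payment
]

if __name__ == "__main__":
    for ending, senders in flag_poisoning(HISTORY, [VICTIM]).items():
        print(f"ending ...{ending}: {len(senders)} lookalike dust sender(s)")
        for s in senders:
            print("  do not copy from history:", s)
```

Passing the wallet's regular counterparties in `known_addresses` alongside its own address extends the same check to imitations of frequently used recipients.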
More than $80 million lost in 2022-2024
Meanwhile, a new study by researchers at Carnegie Mellon University, published at the 34th USENIX Security Symposium, revealed that losses from address poisoning reached $83 million within 2 years.
The researchers analyzed more than two years of transaction data on the Ethereum and Binance Smart Chain (BSC) networks. They identified approximately 270 million attack attempts targeting 17 million victims, with confirmed losses totaling at least $83.8 million from July 2022 to June 2024.
Furthermore, the report read, “The findings show that what appears to be a simple trick exploits a fundamental usability problem in how cryptocurrency wallets work.”