I got scammed out of 100000 dollars by this vulnerability.
https://bitcointalksearch.org/topic/i-got-scammed-out-of-100000-dollars-by-fake-0-dollars-withdrawal-on-bsc-5425022
Topic: ON-CHAIN ADDRESS POISONING ATTACK Newest Type of Scam (Read 110 times)
People just need to be careful to copy and pasted their address again. Basically this is an easy method that can be used to avoid such attack. The problem is so many people didn't even carefully to double check the received address before they wanna try to send the transaction.
This attack has been using people's carelessness to take the advantage. The transaction in the blockchain was irreversible and that gives advantage to the scammers to take the opportunity from people who didn't wanna spend a few seconds to make sure if the receiver was the correct address.
I hope people care about to double check everything.
This attack has been using people's carelessness to take the advantage. The transaction in the blockchain was irreversible and that gives advantage to the scammers to take the opportunity from people who didn't wanna spend a few seconds to make sure if the receiver was the correct address.
I hope people care about to double check everything.
I hope that a prompt solution to this problem would arise as soon as possible. While these recommendations somehow provide guide to users in securing there funds and transactions, these does not necessarily stop the problem and worries. With the rampant attacks and scam schemes that pops in and out, safety precautions like double checking or adding layers of security should be initiated by ourselves as standard measures in making transactions or any other activity.
....so hackers seem to have a way to detect wallet addresses that have a lot of assets in them.
You don't have to be a hacker when there's a simple way of finding out.Let's use USDT for example,
1. Go to etherscan
2. Search for USDT
3. Click on "Holders" just beside the "Transfers" tab
That's just the manual way of doing it. Imagine if they use a tool or bot to scan the entire chain.
It seems that after several similar cases that have been made in several threads, on average the hackers infiltrated were people who stored large amounts of USDC assets in their wallets or stored large amounts of other assets.
so hackers seem to have a way to detect wallet addresses that have a lot of assets in them.
What you need to pay attention to when you want to make a transaction when this attack occurs is to always check the wallet that you want to send funds to.
I have a way if it's the best way but for me it's one of the best way.
when you want to send funds to another wallet using a QR code it will be more valid
so hackers seem to have a way to detect wallet addresses that have a lot of assets in them.
What you need to pay attention to when you want to make a transaction when this attack occurs is to always check the wallet that you want to send funds to.
I have a way if it's the best way but for me it's one of the best way.
when you want to send funds to another wallet using a QR code it will be more valid
How do they know 1.6 million have been stolen?
From the on-chain data, written in the article on the mirror platform attached by the OP, the author says that out of a total of 94 unique addresses that have been traced, the total stolen funds are around $1.6M. FYI, the attacker has also spent around $25K (46$BNB and 9$ETH) to carry out this action, this is a new phenomenon in crypto, so be careful if you have a lot of money stored in crypto.
On-chain address poisoning attack is the newest wallet address attack which the attackers use in steal stable coins from their unsuspecting victims on both BSC and Ethereum network. In the attack, the victim unknowingly send funds to the attacker's address and over $1.6M stolen in that regard from December 2, 2022.
The details of the attack and how to prevent yourself from being a victim is here. https://rb.gy/tplvuv.
The details of the attack and how to prevent yourself from being a victim is here. https://rb.gy/tplvuv.
How do they know 1.6 million have been stolen?
I don't know why would you shorten the link.
The actual referred link is: https://mirror.xyz/x-explore.eth/cL3d_CyNujXq8XY7ueP4omNXx_IY1EG5Dz0FD0vJ90M
And the recommendation based on the article are:
Quote
In order to avoid further harm, we recommend that:
The Wallet App helps users distinguish addresses through color or other prompts, and does a good job of alerting users.
Users should carefully distinguish and double check historical transaction addresses when transferring funds, preferably by keeping an address book on their own.
The Wallet App helps users distinguish addresses through color or other prompts, and does a good job of alerting users.
Users should carefully distinguish and double check historical transaction addresses when transferring funds, preferably by keeping an address book on their own.
Generally, Adress Poisoning Attack is the recent 0$ transaction issue that is widely spread. Regarding the recommendation, I think it is pretty much a temporary fix. In the first place, the faulty token implementation is one that should be fixed. In the meantime, it is better for users to triple-check their address, what I usually do instead of when checking the first and last characters, I also check the middle one.
On-chain address poisoning attack is the newest wallet address attack which the attackers use in steal stable coins from their unsuspecting victims on both BSC and Ethereum network. In the attack, the victim unknowingly send funds to the attacker's address and over $1.6M stolen in that regard from December 2, 2022.
The details of the attack and how to prevent yourself from being a victim is here. https://rb.gy/tplvuv.
The details of the attack and how to prevent yourself from being a victim is here. https://rb.gy/tplvuv.
Jump to: