Investor loses $71 million in WBTC, tricked by poisoned address
A crypto investor sent over 1,155 Wrapped Bitcoin (WBTC) to an exploiter address this Friday, according to reports on X from blockchain security firms CertiK and Cyvers. The amount is equivalent to over $71 million in Bitcoin’s price at the time of writing, and the mistake was purposely caused by a “poisoned address attack.”
Address poisoning is a phishing method in which scammers create vanity addresses that mimic legitimate addresses that a wallet with high net worth interacts with, explained Joe Green, head of CertiK’s Quick Response Team.
“The victim initially made a 0.05 ETH transfer, which demonstrated to the scammers that the wallet was sending assets to an address. The scammer then creates a vanity wallet with the first few characters and last few digits that mimic the legitimate wallet’s 0.05 ETH transfer,” added Green.
Therefore, the victim’s transfer history has been “poisoned” with the fake address which is likely shown in the victim’s wallet modal. By copying the fake address, the victim sent a large amount of funds to the exploiter.
The exploiter has already moved the 1,155 WBTC to different wallets, and it is converting the funds to Wrapped Ether (WETH).