Scammer Tricks Ethereum User Out of $700K Using Fake Wallet Address

Ethereum User Loses $700,000 in Address Poisoning Scam

An Ethereum user lost nearly $700,000 worth of USDT on Sunday. The loss happened because of an address poisoning scam. Experts warn that this scam is becoming more common. It is easy to fall for if users do not pay close attention to the wallet addresses they interact with.

Source: CoinGecko

This incident shows how important it is to stay cautious when handling crypto transactions. Even a small mistake can lead to a major loss.

Address poisoning is a type of scam where attackers create a fake wallet address that looks almost identical to a real one. To start the scam, they send a small transaction to the victim’s wallet. This small transfer is enough to make the fake address appear in the victim’s transaction history.

The goal is to trick the victim into copying and pasting the wrong address the next time they send funds.

For example, if your real wallet address is 0x11223344556677889900, your wallet might show it shortened like 0x1122...9900. Scammers create an address like 0x1122aaaaaaaaaaaaaa9900. It looks very similar when shortened. At a glance, it is hard to notice the difference.

On Sunday, the attacker sent a 0 USDT transaction from a fake address. The fake address looked almost exactly like a Binance wallet address that the victim had just interacted with.

The victim had made a small 10 USDT test transfer to what they believed was their correct address. When they checked their transaction history, they saw the fake address. It looked familiar because of the small transaction just moments before. Thinking it was safe, they copied it without rechecking.

Security firm PeckShield explained that the attacker used the victim’s trust against them. Since the victim had just seen a successful transfer, they trusted the next transaction without verifying the full address.

Scammers Use Automated Tools

Scammers use special software to generate thousands of fake wallet addresses. These addresses are designed to look similar to commonly used addresses, especially ones from popular platforms like Binance.

Hakan Unal, a Senior Blockchain Scientist at Cyvers, shared more about their strategy. He said scammers use a “spray-and-pray” method. They blast thousands of fake transactions to as many users as possible. Even if only a few fall for it, the reward is still huge. It is a low-effort scam with a very high payout.

This scam led to the victim sending 699,990 USDT directly to the scammer. After receiving the funds, the scammer acted quickly. According to blockchain investigation firm AMLBot, they swapped the USDT for DAI.

The scammer swapped USDT to DAI because DAI is decentralized. Tether, the company behind USDT, can freeze stolen funds if they are alerted in time. DAI, however, does not have a company that controls it. This makes it much harder to recover stolen funds once they are moved.

After swapping, the scammer moved the funds through many different wallets. This helps cover their trail and makes tracking much harder for investigators.

Address poisoning scams are becoming a serious problem. Last year, a crypto trader lost over $70 million in one of these scams. Just last Friday, another victim lost $467,000 worth of DAI after falling for the same trick.

Source: X

More people are using crypto every day. Scammers are taking advantage of users who are in a rush or not fully alert when sending funds.

The good news is that address poisoning scams can be prevented. PeckShield’s spokesperson shared some important tips.

Users should always double or triple-check the full wallet address before sending any funds. Never trust shortened addresses like 0x123...abc. Always make sure to see the entire address and check it character by character.

Another important tip is to always verify addresses using blockchain explorers like Etherscan. Users should never copy wallet addresses from transaction histories or from unverified messages. Taking a few extra seconds to verify can save users from losing thousands or even millions of dollars.