Home
/
News
/
Exploiter Steals $68M Worth of Crypto Through Address Poisoning

Exploiter Steals $68M Worth of Crypto Through Address Poisoning

https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning/

The victim was duped by a mimicked 0.05 ether transfer.

Updated May 3, 2024, 2:13 p.m. Published May 3, 2024, 2:07 p.m.

  • A user unintentionally sent 1,155 wrapped bitcoin to an exploiter's wallet after being targeted by address poisoning.
  • The scam has been confirmed by various blockchain security firms.

A cryptocurrency user has lost $68 million worth of wrapped bitcoin

after falling victim to an address poisoning exploit, according to blockchain security firm CertiK.

Address poisoning is a technique that involves tricking the victim into sending a legitimate transaction to the wrong wallet address by mimicking the first and last six characters of the true wallet address and depending on the sender to miss the discrepancy in the intervening characters. Wallet addresses can be as long as 42 characters.

jwp-player-placeholder

In this case, the exploiter mimicked a 0.05 ether {{ETH}} transaction before receiving 1,155 WBTC from the victim.

Security platform Cyvers and blockchain sleuth ZachXBT confirmed that $68 million had been lost to an address poisoning scam.

Crypto investors lost $2 billion to hacks, scams and exploits across decentralized finance (DeFi) in 2023 and an additional $333 million was stolen in the first quarter.

Oliver Knight

Oliver Knight is the co-leader of CoinDesk data tokens and data team. Before joining CoinDesk in 2022 Oliver spent three years as the chief reporter at Coin Rivet. He first started investing in bitcoin in 2013 and spent a period of his career working at a market making firm in the UK. He does not currently have any crypto holdings.

X icon

Oliver Knight

More For You

Harvard Reports $116M Stake in BlackRock’s iShares Bitcoin ETF in Latest Filing

Harvard University library (Pascal Bernardon/Unsplash)

The position marks one of the largest known bitcoin allocations by a U.S. university endowment.

What to know:

  • Harvard disclosed $116 million in BlackRock’s iShares Bitcoin Trust (IBIT) as of June 30.
  • The holding appears in the university’s quarterly 13-F filing with the SEC.
  • The move signals growing institutional adoption of spot bitcoin ETFs by traditional investors.

Read full story

{
  "by": "gulced",
  "descendants": 0,
  "id": 40248755,
  "score": 2,
  "time": 1714749898,
  "title": "Exploiter Steals $68M Worth of Crypto Through Address Poisoning",
  "type": "story",
  "url": "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning/"
}
{
  "author": "Oliver Knight",
  "date": "2024-05-03T14:13:48.835Z",
  "description": "A cryptocurrency user has lost $68 million worth of wrapped bitcoin (WBTC) after falling victim to an “address poisoning” exploit, according to blockchain security firm CertiK.",
  "image": "https://cdn.sanity.io/images/s3y3vcno/production/6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg",
  "logo": "https://logo.clearbit.com/coindesk.com",
  "publisher": "CoinDesk",
  "title": "Exploiter Steals $68M Worth of Crypto Through Address Poisoning",
  "url": "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning"
}
{
  "url": "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning",
  "title": "Exploiter Steals $68M Worth of Crypto Through Address Poisoning",
  "description": "The victim was duped by a mimicked 0.05 ether transfer.Updated May 3, 2024, 2:13 p.m. Published May 3, 2024, 2:07 p.m. A user unintentionally sent 1,155 wrapped bitcoin to an exploiter's wallet after being...",
  "links": [
    "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning",
    "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning/"
  ],
  "image": "https://cdn.sanity.io/images/s3y3vcno/production/6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg",
  "content": "<div><h2>The victim was duped by a mimicked 0.05 ether transfer.</h2><p><span>Updated May 3, 2024, 2:13 p.m. </span><span>Published May 3, 2024, 2:07 p.m. </span></p></div><div><ul><li>A user unintentionally sent 1,155 wrapped bitcoin to an exploiter's wallet after being targeted by address poisoning.</li><li>The scam has been confirmed by various blockchain security firms.</li></ul><hr /><p>A cryptocurrency user has lost $68 million worth of wrapped bitcoin </p><p> after falling victim to an address poisoning exploit, according to <a target=\"_blank\" href=\"https://twitter.com/CertiKAlert/status/1786378165050306774\">blockchain security firm CertiK</a>.</p><p>Address poisoning is a technique that involves tricking the victim into sending a legitimate transaction to the wrong wallet address by mimicking the first and last six characters of the true wallet address and depending on the sender to miss the discrepancy in the intervening characters. Wallet addresses can be as long as 42 characters.</p><div><p><img alt=\"jwp-player-placeholder\" srcset=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fac6bf763b67c66aeb40bc1b8d64de9e4fea8527f-2000x1500.png&amp;w=640&amp;q=75 640w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fac6bf763b67c66aeb40bc1b8d64de9e4fea8527f-2000x1500.png&amp;w=750&amp;q=75 750w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fac6bf763b67c66aeb40bc1b8d64de9e4fea8527f-2000x1500.png&amp;w=828&amp;q=75 828w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fac6bf763b67c66aeb40bc1b8d64de9e4fea8527f-2000x1500.png&amp;w=1080&amp;q=75 1080w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fac6bf763b67c66aeb40bc1b8d64de9e4fea8527f-2000x1500.png&amp;w=1200&amp;q=75 1200w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fac6bf763b67c66aeb40bc1b8d64de9e4fea8527f-2000x1500.png&amp;w=1920&amp;q=75 1920w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fac6bf763b67c66aeb40bc1b8d64de9e4fea8527f-2000x1500.png&amp;w=2048&amp;q=75 2048w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fac6bf763b67c66aeb40bc1b8d64de9e4fea8527f-2000x1500.png&amp;w=3840&amp;q=75 3840w\" src=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fac6bf763b67c66aeb40bc1b8d64de9e4fea8527f-2000x1500.png&amp;w=3840&amp;q=75\" /></p></div><p>In this case, the exploiter mimicked a 0.05 ether {{ETH}} transaction before receiving 1,155 WBTC from the victim.</p><p>Security platform <a target=\"_blank\" href=\"https://twitter.com/CyversAlerts/status/1786363410243858869\">Cyvers</a> and blockchain sleuth <a target=\"_blank\" href=\"https://t.me/investigations/114\">ZachXBT</a> confirmed that $68 million had been lost to an address poisoning scam.</p><p>Crypto investors <a target=\"_blank\" href=\"https://www.coindesk.com/tech/2023/12/27/crypto-users-lost-2b-to-hacks-scams-and-exploits-in-2023-defi-says/\">lost $2 billion to hacks</a>, scams and exploits across decentralized finance (DeFi) in 2023 and an additional <a target=\"_blank\" href=\"https://www.coindesk.com/video/crypto-lost-dollar333m-to-hacks-in-q1-of-2024-immunefi/\">$333 million was stolen</a> in the first quarter.</p></div><div><div><h5><a target=\"_blank\" href=\"https://www.coindesk.com/author/oliver-knight\">Oliver Knight</a></h5><div><p>Oliver Knight is the co-leader of CoinDesk data tokens and data team. Before joining CoinDesk in 2022 Oliver spent three years as the chief reporter at Coin Rivet. He first started investing in bitcoin in 2013 and spent a period of his career working at a market making firm in the UK. He does not currently have any crypto holdings.</p></div><p><a target=\"_blank\" title=\"X\" href=\"https://x.com/OKnightCrypto\"><svg width=\"16\" height=\"16\">X icon</svg></a><a target=\"_blank\" title=\"LinkedIn\" href=\"https://www.linkedin.com/in//oliver-knight-72918187\"><svg width=\"24\" height=\"24\"></svg></a><a target=\"_blank\" title=\"Email\" href=\"mailto:[email protected]\"><svg width=\"16\" height=\"16\"></svg></a></p></div><p><a target=\"_blank\" href=\"https://www.coindesk.com/author/oliver-knight\"><img alt=\"Oliver Knight\" srcset=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2Fc1ea23e66f3b643204bbf92d57a9119b32dc70c6-2316x2316.jpg%3Fw%3D64%26h%3D64%26fit%3Dcrop%26crop%3Dfocalpoint%26auto%3Dformat&amp;w=3840&amp;q=75 1x\" src=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2Fc1ea23e66f3b643204bbf92d57a9119b32dc70c6-2316x2316.jpg%3Fw%3D64%26h%3D64%26fit%3Dcrop%26crop%3Dfocalpoint%26auto%3Dformat&amp;w=3840&amp;q=75\" /></a></p></div><div><p>More For You</p><div><p>Harvard Reports $116M Stake in BlackRock’s iShares Bitcoin ETF in Latest Filing</p><figure><img alt=\"Harvard University library (Pascal Bernardon/Unsplash)\" srcset=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F16be9b8fe534bd3e5d2691e582d3619e4734e575-5472x3080.jpg%3Fauto%3Dformat&amp;w=1920&amp;q=75 1x, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F16be9b8fe534bd3e5d2691e582d3619e4734e575-5472x3080.jpg%3Fauto%3Dformat&amp;w=3840&amp;q=75 2x\" src=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F16be9b8fe534bd3e5d2691e582d3619e4734e575-5472x3080.jpg%3Fauto%3Dformat&amp;w=3840&amp;q=75\" /></figure><p>The position marks one of the largest known bitcoin allocations by a U.S. university endowment.</p><div><p>What to know: </p><div><ul><li>Harvard disclosed $116 million in BlackRock’s iShares Bitcoin Trust (IBIT) as of June 30.</li><li>The holding appears in the university’s quarterly 13-F filing with the SEC.</li><li>The move signals growing institutional adoption of spot bitcoin ETFs by traditional investors.</li></ul></div></div><p><a target=\"_blank\" href=\"https://www.coindesk.com/business/2025/08/08/harvard-reports-usd116m-stake-in-blackrock-s-ishares-bitcoin-etf-in-latest-filing\">Read full story<svg width=\"21\" height=\"21\"></svg></a></p></div></div>",
  "author": "@coindesk",
  "favicon": "https://www.coindesk.com/favicons/production/favicon-32x32.png",
  "source": "coindesk.com",
  "published": "2024-05-03t14:07:07.117z",
  "ttr": 63,
  "type": "website"
}