Review of the wallet theft! Scammers' opportunities are always present
[Warning! Copy-pasting caused him to lose 50 million dollars overnight: your wallet may also be unsafe]
Recently, an extremely covert "address poisoning" attack caused a cryptocurrency trader to almost instantly lose nearly 50 million dollars. Just because of a common habit that many people fall into, 49,999,950 USDT fell into the hands of scammers within minutes.
This incident has once again brought cryptocurrency security to the forefront: it turns out that high-tech thieves often exploit not system vulnerabilities but the oversights in everyone's daily operations.
🔍 Incident Review:
The trader initially transferred 50 USDT to his wallet for testing as a precaution. However, this normal operation was captured by the attacker, who quickly generated a "counterfeit address": the beginning and ending characters of this fake address were exactly the same as the victim's real address.
Since most wallets and browsers will omit parts of long addresses (displayed in a format similar to 0xBAF4…F8B5), this fake address looked "identical" to the real address.
Subsequently, the attacker sent a small amount of money from this fake address to the victim, causing this forged address to appear in the victim's transaction history.
When the victim made a subsequent large transfer, he, like many others, copied the receiving address directly from the history, not realizing that it was precisely the trap set by the scammers.
😢 A simple copy-paste cost nearly 50 million dollars.
On-chain investigator Specter lamented: "It is speechless to lose such a huge amount of money because of such a simple mistake. If only a few more seconds were spent copying the address from the source instead of selecting it from the history, all of this could have been avoided."
Even more lamentable is that after discovering the problem, the victim sent an on-chain message to the attacker, promising to provide 1 million dollars as a "white hat bounty," just hoping to recover 98% of the funds. But as of the time of publication, the funds have still not been recovered.
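The check that would have caught the look-alike address, as an added example that is not part of the original post: compare every character of the recipient against a saved address book, and flag any address that only matches in its abbreviated form. The addresses, the address-book label and the function names are constructed for illustration.

```python
import re

# Constructed sample addresses (not from the incident): same first/last four
# hex characters, different middle, so both abbreviate to 0xbaf4…f8b5.
REAL = "0xBAF4" + "1" * 32 + "F8B5"
POISON = "0xBAF4" + "9" * 32 + "F8B5"
TRUSTED = {"exchange deposit": REAL}  # hypothetical address book


def normalize(addr: str) -> str:
    """Lower-case a 0x-prefixed 20-byte hex address, rejecting anything else."""
    a = addr.strip().lower()
    if not re.fullmatch(r"0x[0-9a-f]{40}", a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a


def truncated(addr: str, head: int = 4, tail: int = 4) -> str:
    """Abbreviate the address the way a wallet UI or explorer would."""
    a = normalize(addr)
    return f"0x{a[2:2 + head]}…{a[-tail:]}"


def check_recipient(candidate: str, trusted: dict, head: int = 4, tail: int = 4):
    """Compare all 40 hex characters; report look-alikes of trusted entries."""
    cand = normalize(candidate)
    for label, addr in trusted.items():
        if normalize(addr) == cand:
            return ("match", label)
    for label, addr in trusted.items():
        if truncated(addr, head, tail) == truncated(cand, head, tail):
            return ("lookalike", label)  # same abbreviation, different address
    return ("unknown", None)


def scan_history(senders: list, trusted: dict) -> list:
    """Return history entries that imitate a trusted address."""
    return [s for s in senders if check_recipient(s, trusted)[0] == "lookalike"]


if __name__ == "__main__":
    history = [REAL, POISON, "0x" + "a" * 40]  # constructed transaction history
    print(truncated(REAL), truncated(POISON))
    for entry in history:
        print(entry, check_recipient(entry, TRUSTED))
    print("poisoned entries:", scan_history(history, TRUSTED))
```

A "lookalike" verdict means the address should never be copied from the history; the recipient should be taken again from its original source.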
⚡ How was the money transferred?
After the theft, the attacker exchanged the large amount of USDT for DAI within 30 minutes, then converted it to about 16,690 ETH, and finally completed the money laundering through the mixer Tornado Cash, leaving no trace.
