The address 0xd674 regularly transferred funds to the management company Galaxy Digital. The attacker who tracked the transactions created a 'poisonous address' that had the first and last four characters matching the deposit address of Galaxy Digital. From his 'poisonous address', the fraudster began sending the victim 'cryptocurrency dust' — transactions with micro-dollars of tokens, cybersecurity specialists reported.
As a result, the victim copied an address from the transaction history to, as usual, send funds to Galaxy Digital, but instead of the correct address, they copied a 'poisonous' one, and the money went to the attacker.
Security experts advise double-checking wallets before making a transfer and not copying addresses from transaction history for convenience.
Previously, blockchain security specialist Andrey Sergeenkov noted a surge in 'crypto dust attacks' (address poisoning) on the Ethereum network. In just a few days, over $740,000 was stolen from victims, with $509,000 taken from a single user, Sergeenkov found. He linked the attack to the December update Fusaka, which significantly reduced transaction fees on Ethereum and made the dust scheme profitable for fraudsters.
In mid-January, the number of transactions on the Ethereum network reached a record: the average weekly figure was 2.43 million — twice as much as a year ago. Over the last month, the number of active addresses on the network nearly doubled: in just the last week, an average of 327,000 new addresses were created daily.