- User sends crypto to some address, say 0x1234...abcd
- An attacker identifies a pattern of the user sending crypto to that address
- Attacker brute-forces a similar looking wallet address, say 0x1235...bbcd - this is the phishing address that the attacker controls
- Attacker sends a fake transaction of crypto from the user's address to the phishing address
- User, wanting to send another txn, sees that wallet in their recent history and uses the phishing address
This is a common scam in crypto and it has been relatively unsuccessful up until now. Someone sending $20M worth of USDT had extremely bad security practices. Typically you would avoid this by having a known, whitelisted addresses you send to and a complex process to add new addresses to the whitelist to ensure you don't fat-finger an address.
The attacker basically calls Transfer(From your address, to phishing address, quantity 0)
They can't actually transfer any crypto because your approval for that token is zero. But they can technically transfer zero tokens from your address to another one. Then some wallet interfaces pick this up and display it as a transfer.
6 comments
[ 3.2 ms ] story [ 24.2 ms ] threadwowwwwwwwww 10hrs ago someone sent $20m to one of the address poisoning / 0-value transfer spams
bad addy 0xa7bf48749d2e4aa29e3209879956b9baa9e90570
real addy 0xa7b4bac8f0f9692e56750aefb5f6cb5516e90570
https://etherscan.io/address/0xa7bf48749d2e4aa29e3209879956b...
- User sends crypto to some address, say 0x1234...abcd
- An attacker identifies a pattern of the user sending crypto to that address
- Attacker brute-forces a similar looking wallet address, say 0x1235...bbcd - this is the phishing address that the attacker controls
- Attacker sends a fake transaction of crypto from the user's address to the phishing address
- User, wanting to send another txn, sees that wallet in their recent history and uses the phishing address
This is a common scam in crypto and it has been relatively unsuccessful up until now. Someone sending $20M worth of USDT had extremely bad security practices. Typically you would avoid this by having a known, whitelisted addresses you send to and a complex process to add new addresses to the whitelist to ensure you don't fat-finger an address.
"Attacker sends a fake transaction of crypto from the user's address to the phishing address"
Can you explain what you mean by this, how this works?
Another nail in the coffin for cryptocurrency.
Thank you, scammers and scammees!