Poisoned addresses attack. A constant threat

BY KEYHUNTER 08.02.2024
Poisoned addresses attack. A constant threat

In recent weeks, a wild number of transactions with an amount of 0 have been observed in ethereal networks.
As of December 27, 2022, more than 500,000 of these were created.

More than two million dollars were stolen.

In this article, I will tell you in detail how exactly this works and will conduct a full analysis of how
these were created “poisoned addresses”.

Especially vulnerable in this situation are those who use simple wallet-applications on Android,
for example the popular “Trust”. Such users need to be especially careful when creating transactions.

How it all started.

Monitoring the ETH and BSC networks suddenly discovered that strange transfers amounting to 0
began to occur frequently on these networks.
We have taken the following BSC blockchain transactions as an example to illustrate what is happening.

The attack process involves 3 addresses. A – “trusted recipient of funds from the victim” B – “victim” and C – the hacker himself.
After A sends a normal transaction to send 452 BUSD to USER B, USER B
immediately receives 0 BSC-USD from unknown C.
At the same time, within the same transaction hash, A himself will transfer 0 BUSD to C’s address
(performing a transfer operation of 0 BUSD “back and forth”)

Poisoned addresses attack. A constant threat



Many social network users have already noticed this problem. But its reasons remained unclear.
Some new way of compromising private keys or wallet seed phrases was supposed.
What does an ordinary user do when he sees strange activity on his address?
Right!
In a panic, he tries to withdraw his funds to another wallet and
immediately falls for the robber’s bait.

Poisoned addresses attack. A constant threat



In fact, panic is exactly what the attacker wants.
Your private keys still remain safe and no one has stolen your seed phrase yet.

The attack method is very simple. like everything ingenious:

1. The completion of a transaction for any significant amount is tracked
2. The hacker creates his address C with the same first and last characters
as the address of user B, then 0 BUSD is transferred to victim A from address C.
3. Next time (and probably even right away, in a wave of panic),
the victim copies a “familiar” address from his payment history. Is this how you send transactions? 🙂
And as a result, the payment goes to the hacker’s address.

Poisoned addresses attack. A constant threat




The hacker makes his address appear in the user’s transaction history,
enticing the user to mistake it for a trusted interaction address.
Additionally, the hacker creates an address that has the same first and last digits as the user’s trusted address.
and is often used by the user for the following transactions.

Inattentive users were vulnerable to loss of capital due to such poisoning.

As of December 28, the number of attacks on the BSC and ETH blockchains exceeded 390,000 and 90,000, respectively,
and the number of addresses affected by attacks exceeded 300,000 and 46,000, respectively.

In terms of trends, the BSC blockchain has been attacked since November 22, and the ETH blockchain has been attacked since November 27,
with the scale of attacks on both blockchains only increasing.

Additionally, it can be seen that there is significant regularity in the timing of attacks,
with the volume of attacks decreasing significantly between 17:00 UTC and 0:00 UTC each day.
The resourceful attackers are likely located in the Asian time zone.

Poisoned addresses attack. A constant threat



As of December 28, the scam has succeeded with a total of 94 unique addresses
worth a total of $1,640,000, and with the attackers’ targets increasing, it is expected
that many more users will fall into this trap in the near future.

Poisoned addresses attack. A constant threat




Don’t get caught 🙂

Useful information for enthusiasts:

Contact me via Telegram: @ExploitDarlenePRO