Cryptocurrency hacking is nothing out of ordinary, it happens more than we’d like. The latest scammer to make off with a large sum of tokens is an individual attacking Arbitrum wallets, a layer-2 scaling solution for Ethereum. The perpetrator hacked and exploited approximately 600 different wallets, making a total of 933,365 ARB tokens – that’s approximately 1.3 million US dollars.

The attack started on March 24 when the hacker ‘Fake_Phishing18’ created a malicious smart contract. The contract imitated the token claiming process, however, it would instead funnel tokens to the hacker’s wallets. It operated using a ‘address poisoning’ technique – the hacker sent arbitrary transactions to target users’ wallets, making them look similar to legitimate transactions and thus confusing victims into interacting with the malicious code.

The hacker also created a fake Arbitrum claiming site and spread it on social media. It looked nearly identical to the Arbitrum Foundation’s original website, with the only exception being that the original has a countdown for when the claiming process will end. Unsuspecting victims that interacted with the fake website simultaneously gave the hacker control over their wallets, allowing them to withdraw their tokens.

An independent blockchain intelligence firm, Arkham, reported that the address belongs to a hacker, and aside from the researchers confirming the attack, the clever detective work of Ethereum smart contract developer, Brainsy, was integral in exposing the malicious contract.

To prevent being a victim of address poisoning, experts advise being cautious when interacting with unfamiliar addresses and to double-check them on Blockchain explorers. As long as crypto trading is lucrative, there will be hackers coming up with crafty ways to obtain tokens. Users must practice continued vigilance to stay safe.



Other News from Today