Crypto Investor Loses $70M in Tricky Address Scam

As an analyst with a background in cybersecurity and crypto investments, I cannot help but feel a deep sense of sympathy and caution after reading about this unfortunate incident. The fact that someone lost $70 million in just a few hours due to a devious address scam is nothing short of shocking.


A person who invests in cryptocurrency suffered significant losses after unwittingly becoming a victim of a cunning scheme, costing them over $70 million in Wrapped Bitcoin (WBTC) value.

The six-hour long occurrence has caused significant turbulence in the cryptocurrency market, serving as a reminder of the importance of exercising extreme caution when handling digital funds.

As an analyst, I’ve observed that based on available information, an investor is known to have established a fresh crypto wallet and transferred a modest quantity of Ethereum (ETH) for this purpose. This practice is prevalent in the decentralized finance (DeFi) sector as it helps in managing transaction fees that may be incurred in future activities.

I can’t believe it! Someone just lost a staggering amount of $71M worth of WBTC (1,155 units) due to a phishing attack. It’s hard to wrap my head around such a significant loss.— Lookonchain (@lookonchain) May 3, 2024

Meanwhile, an unscrupulous individual had been observing the investor, biding their time to execute a deceitful scheme.

As a researcher studying cybersecurity threats in the cryptocurrency world, I’ve come across a cunning tactic used by scammers known as address poisoning. By creating an address with identical starting and ending characters to that of a potential victim’s new address, they manipulate the system and deceive unsuspecting investors. The allure lies in the fact that many crypto wallets hide the middle part of addresses for aesthetical purposes, making it simpler for users to overlook subtle differences and inadvertently send their funds to the wrong address.

A malicious attack called “address spoofing” can deceive you by manipulating the middle part of a cryptocurrency wallet address while keeping the first 4 and last 4 characters unchanged. Be cautious not to verify transactions solely based on these checked characters.

— Ric “el pony esponjoso” (@fluffypony) May 3, 2024

In a clever ploy, the con artist manipulately transferred no Ethereum (ETH) to the unsuspecting investor, thereby making the fraudulent address visible in the investor’s transaction history. Subsequently, when the investor attempted to transfer their 1,155 Wrapped Bitcoin (WBTC) holdings, valued approximately at $70 million, they mistakenly used the scammer’s meticulously fabricated address, assuming it was their own.

Read More

Sorry. No data so far.

2024-05-05 13:56