How long does it take you to make $70 million? One day? One year? That's probably hard to estimate.
But losing $70 million only takes one copy and paste—just a few seconds.
Just a few days ago, someone lost 1,155 WBTC (about 70 million USD) to hackers because they copied a look-alike address from their transaction history. Considering that Bitcoin has just hit a new high and still has room to rise, this loss is even more regrettable.
In fact, this is not the first time that look-alike address phishing has "caught a big fish"; it is an "old scam" that has been around for years. Previously, Binance's wallet operator fell for a similar scam and 20 million USDT was stolen (foresightnews.pro/news/detail/27…). Fortunately, Tether helped freeze the funds in time.
This article will help you identify this type of phishing technique and give you some practical suggestions so that one misstep does not become a lasting regret.
🐞 Two common ways of polluting transaction history
The hacker's purpose is simple: they hope that you will copy a look-alike phishing address they have planted in your transaction history (usually the first and last few characters are the same, but the middle is different), so that you transfer assets to the phishing address by mistake.
For example, in the $70 million case mentioned earlier, the victim mistook the phishing address "0xd9A1C3788D81257612E2581A6ea0aDa244853a91" for his commonly used transfer address "0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91" and sent the funds to the attacker.
The key to this kind of phishing is how the attacker pollutes your transaction history.
1. Trailing transfer-in:
Whenever a transfer takes place between the phishing target and a "common address", the hacker follows up with a very small transfer (possibly a transfer of 0 tokens). The sender of this trailing transfer is a look-alike phishing address generated for that "common address".
When you search your history for a "familiar" address to copy, you may accidentally fall into the trap.
Taking the $70 million case again:
This is a normal transfer: etherscan.io/tx/0xb18ab131d…
This is the hacker's trailing transfer, used to trick you into copying the wrong address: etherscan.io/tx/0x87c6e5d56…
2. "USDT 0 transfer (outward transfer) scam"
Because of how the transferFrom function of the USDT token contract behaves, when the transfer amount is 0 a third party can initiate a transaction that transfers 0 USDT from the account owner's account to a recipient's account without the owner's permission.
In other words, hackers can transfer "0 USDT" from your account to their look-alike phishing address.
In a wallet without a filtering function, this is displayed in the history as "your address sent 0 USDT to another address", misleading you into thinking that it was your own transfer.
When you next need to copy a commonly used address, you lower your guard and copy the address from this history entry. This is how 20 million USDT was stolen from Binance's wallet operator.
This type of phishing is particularly rampant on the Tron network.
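The zero-amount behaviour described above, and the kind of history filtering a wallet can apply, shown as an added example that is not code from the original article or from any wallet. `ToyToken` is a simplified model of an allowance check, not the USDT contract; the account names are constructed placeholders, and `signer` is assumed to be the account that signed the transaction.

```python
from collections import defaultdict

class ToyToken:
    """Simplified ERC-20 style ledger; a model, not the USDT contract's code."""

    def __init__(self, balances):
        self.balances = defaultdict(int, balances)
        self.allowance = defaultdict(int)  # (owner, spender) -> approved amount
        self.events = []                   # Transfer log that wallets index

    def _move(self, signer, owner, to, amount):
        if amount > self.balances[owner]:
            raise ValueError("insufficient balance")
        self.balances[owner] -= amount
        self.balances[to] += amount
        self.events.append({"signer": signer, "from": owner, "to": to, "value": amount})

    def transfer(self, signer, to, amount):
        self._move(signer, signer, to, amount)

    def transfer_from(self, signer, owner, to, amount):
        # With no approval the allowance is 0, and 0 > 0 is false:
        # a zero amount passes this check for any caller.
        if amount > self.allowance[(owner, signer)]:
            raise PermissionError("allowance exceeded")
        self.allowance[(owner, signer)] -= amount
        self._move(signer, owner, to, amount)

def split_history(owner, events):
    """Return (genuine, suspicious) outgoing entries for owner."""
    genuine, suspicious = [], []
    for e in events:
        if e["from"] != owner:
            continue
        # A zero-value "outgoing" transfer the owner never signed is history pollution.
        forged = e["value"] == 0 and e["signer"] != owner
        (suspicious if forged else genuine).append(e)
    return genuine, suspicious

def demo():
    # Constructed placeholder account names, not real addresses.
    token = ToyToken({"OWNER": 1000})
    token.transfer("OWNER", "USUAL_RECIPIENT", 250)
    token.transfer_from("STRANGER", "OWNER", "LOOKALIKE", 0)
    return split_history("OWNER", token.events)
```

Both log entries carry `from = OWNER`, which is why an unfiltered history shows the second one as the owner's own transfer; only the signer and the zero value tell them apart.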
🤔️ What kind of people are likely to become targets of hackers?
If your address meets these two conditions:
1. Frequent large transfers
2. The transfer address is relatively fixed
then hackers will most likely "poison" your transaction history, using monitoring bots to do it automatically.
🙋 3 tips for prevention
1 "Give up copying and pasting from history"
If possible, copy from the source.
For example, copy the address text shown in the exchange app, or switch wallet accounts and copy the address text from there.
Alternatively, use the "whitelist" function that wallets provide to save frequently used addresses in advance. Some wallets also have a first-time transfer reminder that prompts users to confirm carefully.
This may be a bit more troublesome than copying directly from the history, but the safety factor is well worth it!
2 "Confirm again and again that there are enough digits"
Before sending a transaction, check the consistency of the destination address again.
Matching only the first and last 4 or 5 characters is obviously not enough to confirm that the address is safe; the middle of the address needs to be checked as well.
In addition to catching copying errors, this check can also detect whether the clipboard has been hijacked. There have been reports of malware that hijacks a copied crypto wallet address and replaces it with the hacker's address when it is pasted.
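The full-address check from this tip, as an added example that is not part of the original article: it compares a pasted address against a saved address book and flags one that matches a saved entry only at its ends. The two addresses are the ones quoted earlier in the article; the function names, the `min_ends` threshold and the truncated display format are assumptions made for illustration.

```python
import re

# Both addresses are the ones quoted in the article.
USUAL = "0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91"
PHISH = "0xd9A1C3788D81257612E2581A6ea0aDa244853a91"

def normalize(addr):
    """Lower-case a 20-byte hex address and return its 40 hex characters."""
    a = addr.strip().lower()
    if not re.fullmatch(r"0x[0-9a-f]{40}", a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a[2:]

def short(addr):
    """Truncated form a history view might display (assumed: 0x + 4 ... 4)."""
    return addr[:6] + "..." + addr[-4:]

def shared_ends(a, b):
    """Count matching leading and trailing hex characters of two addresses."""
    x, y = normalize(a), normalize(b)
    prefix = 0
    while prefix < 40 and x[prefix] == y[prefix]:
        prefix += 1
    suffix = 0
    while suffix < 40 - prefix and x[-1 - suffix] == y[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def classify(candidate, address_book, min_ends=4):
    """Return ('match' | 'lookalike' | 'unknown', address-book entry or None)."""
    verdict = ("unknown", None)
    for saved in address_book:
        prefix, suffix = shared_ends(candidate, saved)
        if prefix == 40:
            return ("match", saved)      # every character agrees
        if prefix >= min_ends and suffix >= min_ends:
            verdict = ("lookalike", saved)  # same ends, different middle
    return verdict
```

The two article addresses render identically in truncated form and share 4 leading and 6 trailing characters, so only a comparison of all 40 characters separates them.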
3 "Small amount transfer test"
Consider doing a test transaction by sending a very small amount, verifying that it succeeds, and then sending the full amount.
This may be a bit time-consuming and cost some gas, but for large transfers this small overhead is well worth it.
Doing this will ensure that you are transferring funds to the correct wallet address and avoid losing a large amount of funds if it is a phishing address.
🍃 Conclusion
The best defense is to always be vigilant.
It is worth noting that look-alike address phishing, like Permit signature phishing, has become industrialized and automated, with a clear division of labor and of the spoils. Once the assets have been transferred and laundered by a professional hacker team, there is a high probability that they cannot be recovered. So take precautions beforehand and leave attackers no opening.
🙏 Finally, OneKey always puts the security of user assets first, follows developments in crypto security, and shares what it learns.