Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
In a recent tweet, Shiba Inu team member Lucie shared a security notice for the SHIB community. Attackers have created thousands of lookalike wallet addresses intended to trick Safe Wallet users into sending funds to the wrong destination.
Lucie noted that this was not a protocol exploit, infrastructure breach, smart contract vulnerability nor a system compromise.
While 5,000 malicious addresses have been identified, flagged and are being removed from the Safe Wallet interface to reduce accidental interaction, Lucie urges the Shiba Inu community to take necessary precautions as such schemes are easy to replicate.
Such precautions include always confirming the full address or recipients outside the platform, using an address book or allow list and sending a small test transaction first. This might be essential, especially for high-value transfers.
What happened?
On Feb. 6, Safe Labs shared a security update with the crypto community, noting a large-scale address poisoning and social engineering campaign targeting multisig users.
A total of 5,000 addresses have been flagged as malicious via SafeShield (powered by its security partners) and are being removed from Safe Wallet’s UI, reducing the risk of accidental interaction.
Address poisoning and social engineering, like phishing, are becoming a growing threat in the crypto market.
In a recent incident, a crypto user lost $50 million due to a copy-paste address mistake. Before transferring 50 million USDT, the victim had sent 50 USDT as a test to his own address. The scammer immediately spoofed a wallet with the same first and last four characters and performed an address poisoning attack.
Since many wallets hide the middle part of the address with "..." to make the UI look better, many users often copy the address from transaction histories and usually only check the starting and ending letters. This error caused the user to send the remaining 49,999,950 USDT to the fake address copied from his transaction history.
The lesson in this incident is that of precaution, to always double-check addresses before making a transfer and never to copy addresses from transaction history for convenience.
Tomiwabold Olajide
Caroline Amosun
Godfrey Benjamin