A cybercriminal has successfully pilfered $1.2 million in ARB tokens, utilizing an emerging form of cyberattack that manipulates wallet addresses to misappropriate assets.
According to blockchain records, a single cryptocurrency address has been siphoning off funds from users of the Arbitrum platform. To date, the malefactor has deceived more than 600 distinct crypto wallets, accumulating over 930,000 ARB tokens. Given the current market rates, this theft amounts to a staggering $1.2 million.
The illicit fund transfers were initiated on March 24, just one day post the much-anticipated airdrop executed by Arbitrum, a renowned Ethereum layer-2 scalability solution. It’s noteworthy that ARB serves as the core governance token underpinning this L2 network.
Crucially, these unauthorized transfers were executed through a contract that’s labeled as “Fake_Phishing18” within Arbitrum’s blockchain explorer platform. This detail suggests that affected users likely became ensnared after interacting with this deceitful contract, presumably lured by a phishing hyperlink.
Several individuals in the crypto community have taken to Twitter to voice their unfortunate experiences with the scam. One user lamented, “Lost 7250 arb token to the hacker. Currently valued at $10,000 at the time of this tweet.”
Brainsy, an Ethereum smart contract developer, had also previously sounded the alarm about the dubious contract associated with “Fake_Phishing18”. On March 24, Brainsy explained the mechanics of the deceptive scheme, noting that when users engage with the contract, it triggers an additional transaction request. On the surface, this request seems to emanate from the user’s own wallet, but in reality, it’s a masked phishing attempt.
Brainsy elaborated, “When I initiate a transfer, the fraudulent contract simultaneously triggers a ‘transaction’ which seems to originate from my own wallet. I believe this is a tactic to bait me into interacting with the malicious contract.”
What is “Address Poisoning” and Why is it on the Rise?
The hacking technique in discussion, recently seeing a surge in popularity amongst cybercriminals, is dubbed “address poisoning.” It exploits users’ tendency to act hastily and without thorough verification.
In such an attack, cybercriminals endeavor to pilfer cryptocurrency by subtly altering the wallet’s address. The goal is to redirect funds meant for one destination to an address controlled by the attacker.
Back in early January, MetaMask, a prominent Web3 wallet provider, raised an alert about the increasing frequency of “address poisoning” incidents. They highlighted that malefactors craft an address that mirrors the beginning and end characters of a legitimate transaction address. This deceptive tactic banks on the assumption that users might overlook the complete address and inadvertently use the attacker’s in future transactions.
To mitigate such risks, MetaMask advised, “Ensure that you meticulously verify the entire address or utilize the Address Book feature for enhanced security.”
On a related note, on-chain expert Lookonchain revealed that a counterfeit ARB token has registered a transaction volume exceeding $24,000 on the decentralized exchange (DEX), Uniswap. Given this alarming development, Lookonchain cautioned the crypto community to exercise prudence when trading ARB tokens.
In related news, claims for the Arbitrum token began on March 23. Based on data collated by Nansen, nearly 520,000 addresses have staked their claim to almost 1 billion ARB tokens as of the latest update. This statistic implies that of the 625,143 qualified addresses, a balance of 110,000 addresses are yet to make their respective claims.
As per the current metrics provided by CoinMarkCap, the ARB token is presently trading at an approximate value of $1.33, showing little variation in the last 24 hours. However, in a broader perspective, the token has seen a significant depreciation, registering a decline of nearly 90% from its record peak, which was close to $11.80.