Address Poisoning Cyber-Attack Steals $1.2 Million in ARB Tokens

A recent cyber-attack, referred to as "address poisoning," has resulted in the theft of $1.2 million worth of ARB tokens from more than 600 cryptocurrency wallets. This type of attack has gained popularity among hackers, as it capitalizes on user carelessness and haste by modifying wallet addresses to steal funds. The incident took place shortly after Arbitrum, a popular Ethereum layer-2 scaling solution, conducted its highly-anticipated airdrop of its native governance token, ARB.

Blockchain data reveals that a single crypto address has been stealing funds from Arbitrum users. The attacker has scammed out over 930,000 ARB tokens, worth over $1.2 million at current rates. The transfer of funds began on March 24, a day after the Arbitrum airdrop. The transfers were executed using a contract whose creator is tagged as "Fake_Phishing18" on Arbitrum's blockchain explorer. This indicates that users who lost their tokens likely interacted with the malicious contract by clicking a phishing link.

Numerous crypto users have taken to Twitter to share their experiences of falling victim to the attack. One user stated that they lost 7,250 ARB tokens, which were worth $10,000 at the time of the tweet. Ethereum smart contract developer Brainsy had previously warned about a malicious contract created by "Fake_Phishing18." On March 24, they explained that interacting with the contract generates an additional transaction request that appears to originate from the sender's wallet, but is, in fact, a phishing attack.

Address poisoning is a hacking technique that has gained traction more recently. It involves an attacker attempting to steal funds from a cryptocurrency wallet by altering the wallet's address. In early January, MetaMask warned that address poisoning attacks were on the rise. The Web3 wallet developer explained that hackers try to use an address with the same first and last few characters as the real transaction, hoping that users will not verify the full address and instead copy the attacker's address in future transactions. MetaMask advised users to protect themselves by double-checking the full address or using the Address Book feature.

On-chain analyst Lookonchain has reported that a fake ARB token has seen over $24,000 in transaction volume on the decentralized exchange (DEX) Uniswap. The blockchain investigator has urged the community to exercise caution when trading ARB. Arbitrum token claims began on March 23. Data from Nansen indicates that around 520,000 addresses have claimed almost 1 billion ARB tokens as of press time. This means that only 110,000 addresses are yet to claim their tokens from the eligible 625,143.

According to data from Coinpaprika, ARB is currently trading at $1.33, with little change over the past day. However, the coin has fallen nearly 90% compared to its all-time high of around $11.80. The recent address poisoning attack on Arbitrum users highlights the importance of vigilance and awareness in the cryptocurrency space. Users must be cautious when interacting with contracts and clicking on links, as well as verifying the full address when conducting transactions.