Crypto Finance analysts recently observed a potential social engineering attack on the Ethereum blockchain, in which victims are tricked into misdirecting funds to malicious addresses.
The attacker triggers zero token transfers to addresses that match addresses of the victim’s counterparties in the first 2 and last 6 digits but are owned by the attacker. By doing this, the attacker inserts those malicious addresses into the transfer-history of the victim. This is done in hope that victims might accidentally pick the wrong address from their transfer-history and credit the attacker instead of repeating a transfer to the true counterparty. The funds that are targeted by this attack are ERC-20 tokens. This attack has also been seen on other EVM-compatible (Ethereum Virtual Machine) blockchains like Binance, Avalanche and Polygon. Crypto Finance prevents such form of attacks by applying a naming convention to known addresses.
Please find the full report by clicking here.
All information mentioned above is provided for general information purposes only and with no warranty or liability for accuracy, completeness, or fitness for a particular purpose. No information provided in this document constitutes or is intended as investment advice. This document is not, and is not intended as, an offer, recommendation, or solicitation to invest in financial instruments, including crypto assets. Crypto Finance is a financial group supervised by the Swiss Financial Market Supervisory Authority FINMA on a consolidated basis, with Crypto Finance AG as a securities firm and Crypto Finance (Asset Management) AG as an asset manager for collective investments with the corresponding FINMA licenses. This document and its content, including any brand names, logos, designs, and trademarks, and all related rights, are the property of the Crypto Finance Group and Deutsche Börse Group. They may not be reproduced or reused without their prior consent.