Exploiter Steals $68M Worth of Crypto Through Address Poisoning

https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning/

The victim was duped by a mimicked 0.05 ether transfer.

Updated May 3, 2024, 2:13 p.m. Published May 3, 2024, 2:07 p.m.

Address poisoning scam yields $68 million (Kevin Ku/Unsplash)

A user unintentionally sent 1,155 wrapped bitcoin to an exploiter's wallet after being targeted by address poisoning.
The scam has been confirmed by various blockchain security firms.

A cryptocurrency user has lost $68 million worth of wrapped bitcoin (WBTC) after falling victim to an address poisoning exploit, according to blockchain security firm CertiK.

Address poisoning is a technique that involves tricking the victim into sending a legitimate transaction to the wrong wallet address by mimicking the first and last six characters of the true wallet address and depending on the sender to miss the discrepancy in the intervening characters. Wallet addresses can be as long as 42 characters.

In this case, the exploiter mimicked a 0.05 ether {{ETH}} transaction before receiving 1,155 WBTC from the victim.

Security platform Cyvers and blockchain sleuth ZachXBT confirmed that $68 million had been lost to an address poisoning scam.

Crypto investors lost $2 billion to hacks, scams and exploits across decentralized finance (DeFi) in 2023 and an additional $333 million was stolen in the first quarter.

More For You

As stablecoins evolve into core financial infrastructure, North America leads. This report maps the regulation, market shifts, and players driving adoption.

Why it matters:

Stablecoins are entering their third phase of evolution - the institutionalization era - becoming increasingly embedded into core financial infrastructure. As institutions prioritize transparency and compliance, regulated issuers like USDC, RLUSD, and PYUSD are steadily gaining share with RLUSD surpassing $1B in market cap within its first year. North America, leading in regulatory frameworks and institutional distribution, is at the center of it all.

View Full Report

More For You

StraitsX, a Singapore-based company, has seen rapid growth in its stablecoin card program, with a 40x surge in transaction volume and an 83x increase in card issuance between 2024 and 2025.

What to know:

StraitsX, a Singapore-based company, has seen rapid growth in its stablecoin card program, with a 40x surge in transaction volume and an 83x increase in card issuance between 2024 and 2025.
The company's infrastructure powers stablecoin-backed cards for partners like RedotPay, which processed over $2.95 billion in card volume in...

Read full story

{
  "by": "gulced",
  "descendants": 0,
  "id": 40248755,
  "score": 2,
  "time": 1714749898,
  "title": "Exploiter Steals $68M Worth of Crypto Through Address Poisoning",
  "type": "story",
  "url": "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning/"
}

{
  "author": "Oliver Knight",
  "date": "2024-05-03T14:13:48.835Z",
  "description": "A cryptocurrency user has lost $68 million worth of wrapped bitcoin (WBTC) after falling victim to an “address poisoning” exploit, according to blockchain security firm CertiK.",
  "image": "https://cdn.sanity.io/images/s3y3vcno/production/6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg?auto=format&w=960&h=540&crop=focalpoint&fit=clip&q=75&fm=jpg",
  "logo": null,
  "publisher": "CoinDesk",
  "title": "Exploiter Steals $68M Worth of Crypto Through Address Poisoning",
  "url": "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning"
}

{
  "url": "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning",
  "title": "Exploiter Steals $68M Worth of Crypto Through Address Poisoning",
  "description": "The victim was duped by a mimicked 0.05 ether transfer.Updated May 3, 2024, 2:13 p.m. Published May 3, 2024, 2:07 p.m. Make  preferred on Address poisoning scam yields $68 million (Kevin Ku/Unsplash)A user...",
  "links": [
    "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning",
    "https://www.coindesk.com/business/2024/05/03/exploiter-steals-68m-worth-of-crypto-through-address-poisoning/"
  ],
  "image": "https://cdn.sanity.io/images/s3y3vcno/production/6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg?auto=format&w=960&h=540&crop=focalpoint&fit=clip&q=75&fm=jpg",
  "content": "<div><div><h2>The victim was duped by a mimicked 0.05 ether transfer.</h2><p><span>Updated May 3, 2024, 2:13 p.m. </span><span>Published May 3, 2024, 2:07 p.m. </span></p><p><a target=\"_blank\" href=\"https://www.google.com/preferences/source?q=coindesk.com\">Make <svg width=\"83\" height=\"16\"></svg> preferred on <svg width=\"51\" height=\"20\"></svg></a></p></div><div><figure><img alt=\"Address poisoning scam yields $68 million (Kevin Ku/Unsplash)\" srcset=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg%3Fauto%3Dformat&amp;w=640&amp;q=75 640w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg%3Fauto%3Dformat&amp;w=750&amp;q=75 750w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg%3Fauto%3Dformat&amp;w=828&amp;q=75 828w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg%3Fauto%3Dformat&amp;w=1080&amp;q=75 1080w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg%3Fauto%3Dformat&amp;w=1200&amp;q=75 1200w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg%3Fauto%3Dformat&amp;w=1920&amp;q=75 1920w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg%3Fauto%3Dformat&amp;w=2048&amp;q=75 2048w, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg%3Fauto%3Dformat&amp;w=3840&amp;q=75 3840w\" src=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2F6923046d9a52fac72269f7dd0d26ff84da658711-3240x1823.jpg%3Fauto%3Dformat&amp;w=3840&amp;q=75\" /><figcaption>Address poisoning scam yields $68 million (Kevin Ku/Unsplash)</figcaption></figure></div><div><ul><li>A user unintentionally sent 1,155 wrapped bitcoin to an exploiter's wallet after being targeted by address poisoning.</li><li>The scam has been confirmed by various blockchain security firms.</li></ul><hr /><p>A cryptocurrency user has lost $68 million worth of wrapped bitcoin (WBTC) after falling victim to an address poisoning exploit, according to <a href=\"https://twitter.com/CertiKAlert/status/1786378165050306774\" target=\"_blank\">blockchain security firm CertiK</a>.</p><p>Address poisoning is a technique that involves tricking the victim into sending a legitimate transaction to the wrong wallet address by mimicking the first and last six characters of the true wallet address and depending on the sender to miss the discrepancy in the intervening characters. Wallet addresses can be as long as 42 characters.</p><p>In this case, the exploiter mimicked a 0.05 ether {{ETH}} transaction before receiving 1,155 WBTC from the victim.</p><p>Security platform <a href=\"https://twitter.com/CyversAlerts/status/1786363410243858869\" target=\"_blank\">Cyvers</a> and blockchain sleuth <a href=\"https://t.me/investigations/114\" target=\"_blank\">ZachXBT</a> confirmed that $68 million had been lost to an address poisoning scam.</p><p>Crypto investors <a target=\"_blank\" href=\"https://www.coindesk.com/tech/2023/12/27/crypto-users-lost-2b-to-hacks-scams-and-exploits-in-2023-defi-says/\">lost $2 billion to hacks</a>, scams and exploits across decentralized finance (DeFi) in 2023 and an additional <a target=\"_blank\" href=\"https://www.coindesk.com/video/crypto-lost-dollar333m-to-hacks-in-q1-of-2024-immunefi/\">$333 million was stolen</a> in the first quarter.</p></div><div><p>More For You</p><div><a target=\"_blank\" href=\"https://www.coindesk.com/research/the-definitive-stablecoin-landscape-series-north-america\"><figure><img alt=\"16x9 Image Stablecoin Landscape Series\" srcset=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2Fe41ef038d45a3ef0a8e9e529dd13ed183d8975a9-1920x1080.png%3Fauto%3Dformat&amp;w=1920&amp;q=75 1x, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2Fe41ef038d45a3ef0a8e9e529dd13ed183d8975a9-1920x1080.png%3Fauto%3Dformat&amp;w=3840&amp;q=75 2x\" src=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2Fe41ef038d45a3ef0a8e9e529dd13ed183d8975a9-1920x1080.png%3Fauto%3Dformat&amp;w=3840&amp;q=75\" /></figure></a><p>As stablecoins evolve into core financial infrastructure, North America leads. This report maps the regulation, market shifts, and players driving adoption.</p><div><p>Why it matters: </p><p>Stablecoins are entering their third phase of evolution - the institutionalization era - becoming increasingly embedded into core financial infrastructure. As institutions prioritize transparency and compliance, regulated issuers like USDC, RLUSD, and PYUSD are steadily gaining share with RLUSD surpassing $1B in market cap within its first year. North America, leading in regulatory frameworks and institutional distribution, is at the center of it all.</p></div><p><a target=\"_blank\" href=\"https://www.coindesk.com/research/the-definitive-stablecoin-landscape-series-north-america\">View Full Report<svg width=\"21\" height=\"21\"></svg></a></p></div></div><div><p>More For You</p><div><a target=\"_blank\" href=\"https://www.coindesk.com/business/2026/03/29/stablecoin-payments-go-invisible-in-southeast-asia-as-crypto-card-business-surges\"><figure><img alt=\"(CreditMapr.nl/Unsplash)\" srcset=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2Ff5ee6a9da5edb9737179aba07ed6eac24796d85c-1920x1282.jpg%3Fauto%3Dformat&amp;w=1920&amp;q=75 1x, https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2Ff5ee6a9da5edb9737179aba07ed6eac24796d85c-1920x1282.jpg%3Fauto%3Dformat&amp;w=3840&amp;q=75 2x\" src=\"https://www.coindesk.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fproduction%2Ff5ee6a9da5edb9737179aba07ed6eac24796d85c-1920x1282.jpg%3Fauto%3Dformat&amp;w=3840&amp;q=75\" /></figure></a><p>StraitsX, a Singapore-based company, has seen rapid growth in its stablecoin card program, with a 40x surge in transaction volume and an 83x increase in card issuance between 2024 and 2025.</p><div><p>What to know: </p><div><ul><li>StraitsX, a Singapore-based company, has seen rapid growth in its stablecoin card program, with a 40x surge in transaction volume and an 83x increase in card issuance between 2024 and 2025.</li><li>The company's infrastructure powers stablecoin-backed cards for partners like RedotPay, which processed over $2.95 billion in card volume in...</li></ul></div></div><p><a target=\"_blank\" href=\"https://www.coindesk.com/business/2026/03/29/stablecoin-payments-go-invisible-in-southeast-asia-as-crypto-card-business-surges\">Read full story<svg width=\"21\" height=\"21\"></svg></a></p></div></div></div>",
  "author": "@coindesk",
  "favicon": "https://www.coindesk.com/favicons/production/android-chrome-512x512.png",
  "source": "coindesk.com",
  "published": "2024-05-03T14:07:07.117Z",
  "ttr": 75,
  "type": "newsarticle"
}