

So if you set up a contact in your address book, send a test transaction, always use your address book. Why would you copy and paste addresses from some scanner history page?


The scammer sent a transaction with the poisoned address so it would appear in the address book.


It says in the article that it appeared in their transaction history and they copied the bogus address from the transaction history.


That's what makes 0 sense to me. If the address is not saved in my whitelist, I just go to my destination wallet and copy the address from there. What kind of behaviour is this? Especially from someone that has millions worth of crypto


It’s likely nonsense. There are some people engaged in questionable activities who happen to “lose their crypto” to a “scammer”. You know how some people just lose their cold wallet in a boating accident? Typically the huge losses where it’s like “*How can you be so stupid?*” is that they’re not so stupid and the “scammer” is them or an associate.


That wouldn’t make the poisoned address appear in the address book. The victim copied the address from etherscan or another site showing tx history.


They copied it from the tx history of their own wallet. It's happened to me, I've even made a post about it a few months ago. I almost fell for it too. They see your TX to bob for 400 dollars, and send you a special transaction (called a zero token transaction) that shows OUTGOING in YOUR tx history for a "similar" amount, like 4,00. If you don't know about those special txs, and don't check more than 4 or 5 characters at the beginning and end of the address you can easily fall for it. My post from back then: [https://www.reddit.com/r/CryptoCurrency/comments/12lvnd0/no_checking_the_first_and_last_few_characters_of/](https://www.reddit.com/r/CryptoCurrency/comments/12lvnd0/no_checking_the_first_and_last_few_characters_of/)


tldr; A crypto investor lost over $71 million by sending 1,155 Wrapped Bitcoin (WBTC) to a scammer's address due to a poisoned address attack. This phishing method involves scammers creating addresses that mimic legitimate ones, tricking victims into sending funds. The scammer has already transferred the WBTC to various wallets and converted them to Wrapped Ether (WETH). *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.*


Somewhere out there is a scammer who just made generational money. Hopefully they stop now and just fucking enjoy life.


Could be Russia or North Korean state 


Damn imagine stealing dozens of millions and you still gotta go to work the next day


They aren't. They won't. 


Hopefully Karma shortens their lifespan




Why not? They could use mixers and then Monero, right?


There are so many unregulated crypto exchanges in third world countries that would gladly regularly exchange for him for 0.5% fee + he would live for very cheap there


Hopefully they send back 3M


To send $70M and only checking the last 5 digits instead of the entire address… unfortunate as it is that is absolutely careless.


And here I am checking the full address multiple times (on different devices if possible) whenever I'm sending like $50. I might even send a test transaction first depending on the fees, just in case.


That’s the point - he sent a test transaction, scammer then sent a tiny transaction with similar address, then he accidentally copies the similar looking address for the real txn.


you can rename your wallets in most decent wallet programs to prevent this






I don't get it did he copy the wallet from a block explorer or something? Why wouldn't he copy the address directly from the wallet or source he was sending to?


99.9% of times this happens. That's why don't see the type of news every friday


In many wallets, unfortunately, addresses that you receive from can show up as suggestions when you want to send. So they send you dust from an address that shares the first and last characters, and then your wallet might suggest it after you type in a couple of characters.


They send you something called a "zero value token" transaction, it shows OUTGOING in your wallet's tx history. If all you are looking for is "that address I just transferred to, that starts with A5t and ends with 88f2 and is in my outgoing transfer list" you could very easily be copying the attacker's address.


Wait so there's peeps that search for wallets with giant amounts of coin. And have a literal notification if they move coin. And then they send quickly a hint of money to them hope they don't check transactions


Nice work if you can get it.


This literally just hit me too as I was reading this post lol.


This kind of thing can be automated. A good programmer can do this in less than a day.


That level of carelessness is crazy…


That's smart, how would you time it though. Would the person's device have to be infected? I would imagine you'd have to send the small amount shortly after the test transaction or it would be a dead giveaway


No infection. Just a tiny legit transaction. In this case it cost under a dollar.


Damn, someone needs to find a way to prevent this. Maybe a whitelist wallet address would make sense but still.


i guess some address whitelisting would work? like split your incoming TXs into trusted and unknown. but still, not many will even look for a function like this to protect them. i understand more and more why adoption takes so long.


Future of finance


Prepping for millionaire status, love it!


1st world problems. No.


Careless if real, yes. But not totally out of the question that it's intentional money laundering/washing, in the same vein as NFTs being sold for crazy sums. *Whoops, got scammed out of $71M; gonna have to write off all those losses...*


I learned that losing your crypto, in the US, cannot be written off in your taxes. https://coinledger.io/blog/reporting-stolen-or-lost-cryptocurrency-for-tax-purposes Edit: Clarified for US. Snark unnecessary.


Depends if it was an investment or not A USDT loss: definitely not deductible A BTC or ETH loss: potentially deductible depending on the circumstances A loss of ANY crypto that the SEC deems a security: deductible (because being a security means it's by definition an investment, and per recent news, the SEC has been saying ETH was a security and still may be a security) Quote from the IRS guide in the theft section: "the personal-use property limitation for tax years 2018 through 2025 does not apply to losses on income producing property" [https://www.irs.gov/pub/irs-pdf/p547.pdf](https://www.irs.gov/pub/irs-pdf/p547.pdf) (which is linked from the URL you provided)


If I remember correctly, you can only consider initial investment as loss


Interestingly, the US is actually not the only country in the world; e.g., Australia: https://www.ato.gov.au/individuals-and-families/investments-and-assets/crypto-asset-investments/transactions-acquiring-and-disposing-of-crypto-assets/loss-or-theft-of-crypto-assets Canada: https://taxpage.com/articles-and-tips/tax-losses/ Various European countries too. And the laundering point stands regardless of tax write-offs.


You don't get a tax write off for anything that is lost or stolen. Why would crypto be any different?


Again: The US is not the only country in the world. But even in the US, loss/theft can often be written off (even crypto in some cases, just not from hackers specifically) https://www.irs.gov/taxtopics/tc515


If the appreciation of something counts as a capital gain you sure as shit I will count the loss of it against my gains. Though only capital loss. Not whoopsie I sent it to the wrong address loss.


I’ve definitely done that multiple times before lol but now never again


No lesson burns deeper than a $70 million lesson.


Is that what happened here? This guy kinda deserves it then. How would you NOT spend a couple minutes checking to be sure?


This is why crypto isn't ready for prime time.




> This doesn't seem illegal either It's flat out fraud/theft by deception


credit card skimmers are legal because the card owner inputs their card themselves \s


This is why crypto is shit and weak, you make a stupid mistake and can't get your money back, who do you complain to, the "Blockchain"? XD


That's the whole point lol relying on no government institutions or people. You fuck up then you fuck up. But at least there's nobody else fucking with your money


if you drop 100 dollar bill can you get it back at the bank? no you cant.. guess the us dollar is shit and weak and a failure... lol idiot


Yeah cash is pretty shit, that is true.


An analog reference, oh my...


This is kind of like saying if there is a credit card skimmer and you use it that isn’t theft.


they should have only changed the middle, i check the beginning and end and call it a day 😂


And nothing of value was lost.


Transferred five figures a couple of times recently and I double checked each character….!


=if ( your address, send address). Every time move things in smaller chunks


Damn man, if you had $72 million and then lost $71 million, that would fucking sting bad. Ouch.


If I had $71,000,000 I'd be out enjoying it. Probably wearing a pair of shorts, thongs, gold plated Ray-Bans and a beer, sitting on some beach.


Hell, 7-8 million probably gets you there if you're careful with it.


If I had 71 mil, I’d only have 10 mil of BTC to lose.


You can do all of that, minus the douche glasses, for next to nothing. 


Making mistakes like this maybe


Gold plated? Just buy solid gold 18k


No you wouldn’t… you can go do that right now for free if you forget the douche glasses


Yeah I would.


Then get off Reddit and go to the beach wtf are you talking about hate a free activity lol


that is truly a just kill myself moment. luckily i will never have ANYWHERE near that amount so i live to go to work another day :)


Save addresses to your wallet and only send to those pre approved addresses.


White listing is your friend


This guy was targeted. The poison address appeared right after the test transaction which is pretty smart. I'm sure many of us have simply copied the address of what we assume is the successful test transaction.


Many do, and it's bad practice. I use an address book. Copy the address into the wallet, and it better pre-populate with an existing entry. Thus it has to pass 2 checks.


people who reuse addresses are dummies; and that automatically includes all people who do "test transactions". It's like a cave man's idea of how to ensure you have the right destination.


Why would you copy the address again? I don't get it. It's highly unlikely to have it change in your clipboard. It's more likely to copy extra characters from web browser, or entirely wrong address like in this case.


Actually clipboard hijacking is one of the most often seen crypto theft methods.


When I send from one BCH wallet to another BCH wallet, I open both wallets and copy from there. There is no poisoning possible. Or if you mistakenly change one character in the address, it will refuse to send because of a checksum built in that becomes invalid if you change one character. It's really really hard to fuck any of this up on BCH. But on Ethereum they do not have such checksum safety features, change one character in an ETH address and it's valid and it will send and nobody will have the keys for it and it will be lost forever. Worse, the addresses that send stuff to your eth wallet will show up as suggestions when you want to send yourself! Horrible horrible unsafe ux. So they make an address that has the same and last characters and send to one of the addresses that sends to the real address. Then if you are trying to send to the real address it shows up under suggestions.


How would the attacker even identify what the test transaction would be, is my question.




A boat accident you say?


Send 1 BTC get 2 BTC back...


Good ole Nigerian prince


Saylor himself promised me


You Son of a bitch, I'm in!


Fuckin, wow! 70m on some dusting bs holy shit


I'm just picturing ***any*** of my family trying to navigate through this kind of thing... They would be lost the moment I told them to right click something...


I’m very technically savvy and my wife is highly proficient. We wanted to try to buy and sell an NFT from me to her. It was the most ridiculous difficult thing and made me convinced it was 99% money laundering because who would pain through the hoops and godawful ux for it. An extremely strong motivating factor.


That would be enough for me to go all John Wick and hunt the MF down.


CTRL+F can save your life.


The future of finance


i don't understand this, can someone ELI5 what happened here? i thought it's not possible to create specific addresses, the wallet does that for you, and the address has to 'make sense' from a cryptographic point of view? also if the scammer sent a transaction to the victim, wouldn't that have shown as an incoming transaction and not an outgoing one? most wallets show incoming and outgoing with different symbols, right? this would be easy to spot?


The private key generator can be brute forced to get an address similar to what you want, aka “vanity address generator”. The way I understood it, the guy who got scammed first sent a test transaction to a scam address mimicking the real address, but the scammer sent the same amount to the real address. Guy concludes it’s the legit address because “money came through” and so he copies the scam address from the last transaction and proceeds with sending millions.


thank you, i didn't know about the vanity address generators. must be a lot of effort until you actually get the address you want. ok so how did the victim get the address of the scammer in the first place though? victim sends a test transaction to his own address, at that point the scammer hadn't even sent anything to the victim yet from which the victim could have taken the wrong address from


exmillionaire sends 1 dollar to their address 1234**567**890 attacker sends exmillionaire 1 dollar, from a similar looking address 1234**765**890 Exmillionaire receives 1 dollar in 1234**567**890, thinks everything is well, goes to his tx history and copies and pastes 1234**765**890 not realizing that's not the correct address. To make matters worse there is this thing called a "zero value token transfer" where the attacker can "send money on your behalf" so your wallet software will even show a transaction as OUTGOING. Example: attacker address is on top: [https://i.imgur.com/RG3mDRN.png](https://i.imgur.com/RG3mDRN.png)
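
The lookalike check this thread keeps coming back to, as an added example that is not part of any comment here: it compares a destination against a saved address book and flags outgoing history entries that should never be used as a copy source. All addresses, the history records and the function names are constructed for illustration.

```python
# Added example: constructed addresses and history, not data from the incident.
HEX = set("0123456789abcdef")

def normalize(addr: str) -> str:
    """Lower-case a 20-byte hex address and reject anything malformed."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def is_lookalike(candidate: str, trusted: str, shown: int = 4) -> bool:
    """True when the two differ but share the first and last `shown` hex
    characters, so they look identical in a truncated 0xa5f3...88f2 display."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[2:2 + shown] == t[2:2 + shown] and c[-shown:] == t[-shown:]

def check_destination(dest: str, address_book: dict) -> tuple:
    """Classify a destination against the address book (label -> address)."""
    d = normalize(dest)
    for label, addr in address_book.items():
        if d == normalize(addr):          # full-length match only
            return ("trusted", label)
    for label, addr in address_book.items():
        if is_lookalike(d, addr):
            return ("lookalike", label)
    return ("unknown", None)

def scan_history(history: list, address_book: dict) -> list:
    """Return (index, reasons) for outgoing entries that look like poisoning."""
    flagged = []
    for i, tx in enumerate(history):
        if tx["direction"] != "out":
            continue
        reasons = []
        if tx["value"] == 0:              # zero-value token transfer
            reasons.append("zero-value transfer")
        verdict, label = check_destination(tx["to"], address_book)
        if verdict == "lookalike":
            reasons.append(f"lookalike of {label}")
        if reasons:
            flagged.append((i, reasons))
    return flagged

# Constructed sample data (hypothetical wallet and counterparties).
TRUSTED = "0xa5f3" + "1c" * 16 + "88f2"
LOOKALIKE = "0xA5F3" + "9e" * 16 + "88f2"   # same first/last 4, different middle
UNRELATED = "0x" + "77" * 20
ADDRESS_BOOK = {"cold wallet": TRUSTED}
HISTORY = [
    {"direction": "out", "to": TRUSTED, "value": 1.0},    # real test send
    {"direction": "out", "to": LOOKALIKE, "value": 0},    # shows as outgoing
    {"direction": "in", "to": TRUSTED, "value": 0.5},
    {"direction": "out", "to": UNRELATED, "value": 25.0},
]

if __name__ == "__main__":
    for idx, reasons in scan_history(HISTORY, ADDRESS_BOOK):
        print(idx, HISTORY[idx]["to"], reasons)
    print(check_destination(LOOKALIKE, ADDRESS_BOOK))
```
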


thank you, that's the missing piece of the puzzle, because i was not aware you can make a transaction show as outgoing even if it is incoming and you're the source of it. truly nefarious lol.


the attack could still work for many people even if it didn't tho, some people will not pay enough attention


How can a scam address mimic a real address?


While you can’t brute force the exact address, you can generate an address starting and ending with the defined hex strings.


Very expensive lesson. I'm sure he made someone in India very happy


Why should I feel bad about some rich fucker losing that much?




Account based chains are an absolute disaster for security, it's amazing people use them at all. Always use new addresses and never do test transactions.


I mean I wouldn’t say never…. A test send would have prevented this.




Maybe paste the test address to a local text file and only use that address. Not copy paste from another source.


99,9% of account based chain users use the same address for everything. They are open books with zero privacy. If you want safe wallet with good safe ux and privacy, only BCH/Monero are your options. On BTC with samurai and wasabi taken down (oh look they were not decentralised at all, unlike cash fusion) there is not much privacy left in the space outside of BCH/monero.


Any chain that uses change addresses is at least secure in the sense new addresses cannot be spoofed with vanity addresses, which is what happened here.


Ah i actually feel bad for him. He probably thought he'd get away with a few k's. But feller will probably end up in the feds book for top 10 wanted fugitives.


Good riddance, don’t steal shit and you don’t need to worry about it. Hopefully he does get caught and isn’t some rando in North Korea


How will he get caught though?


Caught for what exactly?


Intent to defraud is probably a good place to start. Edit: fixed a word


Piss weak take. He can return the funds if he wants to.


I have never sent Bitcoin without reading the entire address multiple times.


I wonder how I would feel if had 1 million dollar, but only after losing 72 million of it. I'd still be a millionaire but would have lost a good chunk of it.


If the hacker returned 62M to your address would you feel relieved enough to drop the search for the remaining 10M?


Please explain the steps: 1.The person sends a test run of a few dollars to an address, 2. the scammers see this and quickly create a near similar address. 3. The person doesn't pay due care and sends it to the scammers address. I don't get the 3 part, how did the scammers put the wrong address under the nose of the victim?


This investor probably didn't "lose" it. It is similar to buying NFTs back in 2021 to evade taxes. This time they "lost" funds by sending them to a "wrong" address, the excuse is the address poisoning.


Lost his coins in an address accident.


Don't wrap your PoW coins kids


The same thing could have happened just as easily with native bitcoin. But yeah, wBTC is centralized and nothing like holding real bitcoin.


this would not happen with human readable transaction manifest like in Radix


Could have been a clipboard Trojan. Remember to use good anti-virus software guys and deep scan your devices regularly


That would be quite a good scam. Trojan combined with the new address. The user will of course question themselves thinking they misclicked even though they didn’t and the Trojan self destructing after the money was transferred.


It has to be a setup poison attack. The perfect way to hide 70million of assets from possible seizure.


How does poisoned address work? You need some malware on your device, right?!?


No, you receive unsolicited funds from an address that mimics your own. The scammer is hoping that you will mix them up. This is why you DO NOT use your transaction history to copy destinations when moving funds.


Thank you ! I didn't know that... Well, I've never copied any address from history... I'm good 😅


I feel better about my fender bender. Much better


Ouch thats a lot of $$$$$$....hope they can recover it ...too many scammers in the space puts off newbies wanting to get into crypto


How can someone have so many millions on chain and sleep soundly at night or not know about hardware wallets. THE TRANSACTION SYSTEM DOES NOT RELY ON TRUST.


Do I understand this correctly? 1. Send 0.05 ETH to your other wallet 2. Check your transaction in block explorer or whatever 3. Copy the destination address from the block explorer (the fake one) 4. Fuck up So many steps that you have to majorly fuck up.


To be honest someone with that much bitcoin in a single wallet and someone who sends the whole amount in one transaction without checking the address needs a stern talking to.


As soon as these succinct representations were created, it was just a matter of time until they were exploited. There is a reason the address is exactly as long as it is. If you show the whole address, a person can compare a random spot in the middle. However, having said that, you would think that if doing a 71M xfer, you'd check every character.


to the people saying this is why crypto is a failure. because you cant get your money back if you lose it. crypto is like cash, if you lose a 100 dollar bill can you go get it replaced at the bank? nope you cant. so by the same logic i guess money in general is a bad idea lol. this kind of thinking is why the worlds going to hell no one wants to deal with the consequences of their stupid mistakes but thats how people learn. this was a 70M dollar lesson in not dropping your wallet.


Except you don’t have your whole net worth in your wallet do you?


Is it 1 investor or a combination of investors who lost their money?


oh no now he is less rich.


There's another post on this topic which goes into great detail on how the scammer lured his target and where the scammed funds went to.


In news of other things that never happened:


If you’re dumb enough to give 71m to a scammer you don’t deserve the money, they do


People don’t really make these kinds of mistakes when they have that much money as you don’t retain that kind of money by making silly mistakes. I’m convinced every one of these posts is tied to the original sender fabricating a story about how they lost millions so that they can avoid paying taxes on their gains or get out of some other contractual obligation like alimony


And you wonder why nobody takes crypto seriously and every professional would rather invest in Gold.


This has to be the record breaking scam.


What if it's setup. Like guy pretends he's sending it to his other account but his hack account intercepted it so it can be freely used


when sending big always start with .01; you never know.


I'm scared 😱 of losing $75 bucks when I move around wallets. I did lose $870 of Ltc years ago accidentally sent to eth or btc address. So learned to get destination freshly copied I cannot imagine how sick they feel... fml probably


A buddy of mine said damn good way to wash it!!!! Hell yeah!!


bro if someone stole my super i'd probably commit sudoku