This User May Have Just Lost $68M to Address Poisoning

man shocked looking at his phone

The unknown trader may have lost over 97% of their asset portfolio, over $67.8 million. 

An unknown trader has reportedly lost a whopping $68 million worth of Wrapped Bitcoin (WBTC) in a single transaction in an address-poisoning scam. 

WBTC, an ERC-20 token on the Ethereum blockchain pegged to Bitcoin. It allows for the use of Bitcoin in smart contracts and makes the world’s largest cryptocurrency more accessible on decentralized exchanges (DEX).

Address poisoning, a strategy often employed by malicious actors that involves manipulating the receipt address during a transaction. In this case, the unknown trader fell victim to a well-organized attack in which the destination address was changed, and all funds were diverted to the attacker’s wallet instead of the intended recipient.    

How the Scam Was Revealed

On-chain security firm Cyvers initially disclosed the $68 million theft in a post on the X platform on May 3.   

“Are we mistaken, or has someone truly lost $68 million worth of $WBTC? Our system has detected another address falling victim to address poisoning, losing 1,155 $WBTC,” Cyvers Alert shared.  

According to CoinStats, wallet “0x1E,” identified as the victim, has lost more than $67.8 million, or over 97% of its entire asset portfolio. 

Fraud Linked to ZKasino

Meanwhile, last month, investors lost over $33 million in a fraud linked to the ZKasino gambling platform. On April 29, Dutch authorities apprehended a suspect connected to the scam.    

Despite the ZKasino incident, crypto losses due to scams and hacks in April were estimated to be $25.7 million, the lowest figure recorded since 2021, when on-chain intelligence firm Certik began monitoring the data.   

The report indicates a 141% decrease in losses from hacks, exploits, and scams compared to the previous month. The decline is primarily attributed to a lack of private key compromise. There were only three private key leaks in April, whereas they experienced over 11 attacks in March.

Lastly, ZKasino compounded investor worries by transferring all 10,515 Ether (ETH) deposited on April 22 into the Lido staking protocol. CertiK’s report noted that if ZKasino were confirmed as a malicious actor, the firm would adjust its data accordingly.