Blockaid on Warpcast

Content pfp

https://ethereum.org

0 reply

0 recast

0 reaction

Blockaid pfp

Since January 1st of this year, there have been over 105,000 dust attacks, resulting in 33 incidents that collectively lost 591 ETH (~$1.7M). Including one attack that represented a loss of 261 ETH and another that resulted in the loss of 136.7 ETH. 🧵

1 reply

0 recast

0 reaction

Blockaid pfp

(2/9) But what is a dust attack? Essentially dust attack involves tiny, unsolicited cryptocurrency transactions sent to multiple wallets. The attackers ultimately hope to trick users into interacting with these small deposits, which could expose them to vulnerabilities.

1 reply

0 recast

0 reaction

Blockaid pfp

(3/9) These dust transactions emanate from addresses that match the first and last characters of the fake address to legitimate addresses previously transacted with by a given user. This sophisticated method targets wallets engaged in high-value Ethereum transactions.

1 reply

0 recast

0 reaction

Blockaid pfp

(4/9) The dust addresses send back a fixed portion of the value from the targeted transaction using a counterfeit address, intending to deceive users into mistakenly using this fake address for future transactions, potentially leading to significant loss of funds.

1 reply

0 recast

0 reaction

Blockaid pfp

(5/9) Here’s a live example of the user who was tricked into sending 50ETH to an attacker’s fake address:

1 reply

0 recast

0 reaction

Blockaid pfp

(6/9) We first see a Legitimate transaction https://etherscan.io/tx/0xfa832644aebf26ab93073d7dd019340634e09e7a301005535973971ea72de321 where the victim (0x16287a517499a467A349b70764A4ecAE56D1d2c9) sent 25.81 ETH to a legit destination (0x4f512126668388328EeA49732DE1249bf86Eb8Ea).

1 reply

0 recast

0 reaction

Blockaid pfp

(7/9) Shortly thereafter we see a ‘dust transaction’ https://etherscan.io/tx/0x9660541a9ec5b504b2c6efe72b524ed1a0c51d9edea9923ef433ac169418c885 where a fake dust address (0x4f512487a746AB1638B5fFb0D8321dBDFA6Fb8eA) similar to the previous transaction destination sent a small amount of ETH to the victim address.

1 reply

0 recast

0 reaction

Blockaid pfp

(8/9) About an hour later, the victim falls into scam https://etherscan.io/tx/0xd31b85e7148d840a5c4a5c4a8b125d69148bb9a88e29c23a5fdddec5fe936359 ultimately initiating a 50 ETH transaction, but mistakenly setting the destination as the dust address.

1 reply

0 recast

0 reaction

Blockaid pfp

(9/9) These attacks target active, high-value users who probably shouldn’t have to worry about dust transactions. While all Blockaid-protected users were proactively protected, it’s not enough – we need to protect every transaction in web3 full stop.

0 reply

0 recast

0 reaction