The address, which the Lookonchain platform previously called an “airdrop hunter”, stole 933,000 ARB tokens from 630 Arbitrum users. Analytics company Arkham Intelligence reported that the wallet belongs to a scammer who steals funds through a phishing scheme.
Upon closer examination of the transactions, it turned out that the attacker received 933,365 ARB from another Arbitrum address on March 24, the day after the airdrop. The source of these tokens is another contract, the creator of which is marked as Fake_Phishing18 in the Arbitrum explorer.
Independent blockchain researcher 0xKnight also confirmed that he found messages from victims of the hack. Users complained that their ARB tokens were “automatically transferred” to hackers’ wallets.
Smart contract developer Brainsy has also flagged a malicious contract created by Fake_Phishing18. According to them, interacting with the contract creates an additional transaction request that looks like it comes from the sender’s wallet but is actually a phishing attack.
Fraudsters attacked Arbitrum users using “address poisoning”
MetaMask developers have previously warned about the possibility of such attacks and called them “address poisoning”. The scam involves sending random transactions from wallet addresses that look very similar to ones the user has already interacted with.
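The following Python example is added here and is not taken from the article or from MetaMask. It scans a wallet's incoming transfers for senders that imitate a known contact. It assumes that "very similar" means the same first and last four hex characters (the part left visible when an address is shortened for display); the record schema and all addresses are constructed.

```python
# Added example: flag possible address-poisoning senders in a transfer history.
# Addresses and hashes are constructed sample values, not data from the incident.
PREFIX_LEN = 4  # assumption: hex chars after "0x" shown in a shortened address
SUFFIX_LEN = 4  # assumption: hex chars shown at the end of a shortened address


def normalize(addr: str) -> str:
    """Return the 40 lower-case hex characters of a 20-byte address."""
    a = addr.strip().lower()
    if a.startswith("0x"):
        a = a[2:]
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a


def looks_alike(candidate: str, known: str) -> bool:
    """True when two different addresses match once shortened for display."""
    c, k = normalize(candidate), normalize(known)
    return (c != k and c[:PREFIX_LEN] == k[:PREFIX_LEN]
            and c[-SUFFIX_LEN:] == k[-SUFFIX_LEN:])


def find_poisoning(known_contacts, incoming_transfers):
    """Return (sender, imitated_contact, tx_hash) per suspicious transfer.

    incoming_transfers: dicts with 'from' and 'hash' keys (hypothetical schema).
    """
    hits = []
    for tx in incoming_transfers:
        try:
            sender = normalize(tx["from"])
        except (KeyError, ValueError):
            continue  # malformed record: skip it rather than abort the scan
        for contact in known_contacts:
            if looks_alike(sender, contact):
                hits.append(("0x" + sender, "0x" + normalize(contact), tx.get("hash")))
    return hits


# Constructed sample data
KNOWN = ["0x1a2B3c4d5E6f708192a3b4C5d6e7F8091a2b3C4D"]
TRANSFERS = [
    {"hash": "0xaaa1", "from": KNOWN[0].lower()},               # the real contact
    {"hash": "0xaaa2", "from": "0x1a2b" + "9" * 32 + "3c4d"},   # look-alike
    {"hash": "0xaaa3", "from": "0x" + "7" * 40},                # unrelated
    {"hash": "0xaaa4", "from": "not-an-address"},               # malformed
]

if __name__ == "__main__":
    for sender, imitated, tx_hash in find_poisoning(KNOWN, TRANSFERS):
        print(f"{tx_hash}: {sender} imitates {imitated}")
```

A hit means the full address should be compared character by character before it is copied from the transaction history.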
In this case, the attacker appears to have used both a phishing attack via a malicious smart contract and address poisoning. Fake_Phishing18 is also linked to another address called Fake_Phishing47 that deployed a fake Arbitrum contract on March 21st.
The account labeled Fake_Phishing18 created the contract and then transferred ownership to Fake_Phishing47.
The same organization could also have created a fake Arbitrum website: if users connected their wallets to it, control over those wallets passed to the hackers.