Crypto Trader Loses $68M in Sophisticated Address-Poisoning Scam; Here’s How the Scam Unfolded

In a significant blow to the cryptocurrency community, an unidentified trader has fallen victim to a sophisticated address-poisoning scam, resulting in the loss of $68 million worth of Wrapped Bitcoin (WBTC) in a single transaction, per Cointelegraph. The alarming incident came to light through findings shared by on-chain security firm Cyvers in a detailed exposé posted on May 3.

The wallet identified as "0x1E" has suffered a staggering loss, with over 97% of its holdings depleted, amounting to a value exceeding $67.8 million, as reported by CoinStats. Address poisoning also referred to as address spoofing, exploits hurried, and inattentive behavior of traders during transactions. This deceptive tactic lures victims into transferring their digital assets to fraudulent addresses owned by scammers.

The cryptocurrency industry continues to grapple with persistent scams, which undermine mainstream trust. In April, investors were defrauded of at least $33 million in digital assets related to the ZKasino gambling platform. Dutch authorities arrested a suspect on April 29 in connection with the ZKasino scam. Despite the ZKasino incident, April witnessed a decrease in cryptocurrency losses to scams and hacks, totaling $25.7 million. This figure represents the lowest recorded since 2021 when on-chain intelligence firm CertiK began tracking such data.

According to the report, losses from hacks, exploits, and scams decreased by 141% compared to the previous month, largely attributed to fewer compromises of private keys. In April, only three private key leaks occurred, in contrast to March which saw over 11 attacks involving private key compromises. CertiK's reported figures do not incorporate the $33 million ZKasino incident. Despite acknowledging the controversy surrounding the project, CertiK has refrained from categorizing it as a scam at this point.

On April 22, ZKasino moved all 10,515 Ether deposited by investors into the Lido staking protocol, heightening worries among investors. CertiK's report indicated that they would revise their data if ZKasino's malicious intentions were confirmed. Recent developments suggest positive strides in the cryptocurrency realm, particularly in security enhancements and increased awareness among users to safeguard against hacks and scams. Despite a notable decrease in incidents, crypto attacks remain a significant concern within the industry. According to CertiK, a staggering $502 million worth of digital assets were pilfered through 223 hacks and exploits during the initial quarter of 2024. This underscores the ongoing importance of vigilance and robust security measures in the crypto space.

In a recent development, the Federal Bureau of Investigation (FBI) apprehended New York resident Idin Dalpour on May 1 for allegedly orchestrating a multi-year Ponzi scheme that defrauded investors of $43 million, per Crypto News. The arrest was made following charges filed by a New York court. According to a press release issued by the Manhattan District Attorney's office, Dalpour is accused of enticing unsuspecting investors with promises of lucrative returns, masking the true nature of his operation—a sophisticated Ponzi scheme that operated from 2020 until April 2024.

Investors both in the United States and internationally were targeted by Dalpour through a controlled entity, with investments solicited for fictitious ventures, including a Las Vegas hospitality business and a crypto trading operation. Idin Dalpour allegedly enticed investors with the promise of exceptionally high annual returns, starting at 42%, underpinned by purported insurance and escrow arrangements to provide a false sense of security in their investments. This deceptive tactic was revealed by US Attorney Damian Williams, who stated: "Idin Dalpour told investors that they could reap huge returns by investing through him in a purported Las Vegas hospitality business and a crypto trading operation." To substantiate these extravagant claims, Dalpour reportedly employed fabricated contracts, falsified bank statements, and fictitious email correspondence, ultimately convincing investors of the viability of the ventures.