I don't do a lot of trading or crypto-oriented transactions but I do more than zero. I believe as though I am being fastidious when I double and triple check everything that I do but upon reading about this story that someone forwarded to me I realized that this sort of scam would have worked on me for one very simple reason: I think that when most of us look at deposit addresses that are really long that we only verify the first and last say, 3-5 digits. That is apparently what happened here and wow, did this whale, whoever he is, pay for the mistake.
src
So the article that my friend sent to me can be viewed here and no, it's not behind a paywall or something stupid like that.
What happened was the whale's account was being monitored (or so it is presumed) and the hacker(s) somehow managed to get a deposit address that was exactly the same on the front and back end of the address.
My apologies if I am using the wrong terms here but I am not well-versed in the naming conventions, just kind of what they mean.
Without lining them up on top of one another consider the similarities between 0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91 , which is the whale's address and 0xd9A1C3788D81257612E2581A6ea0aDa244853a91
Now think about what you would do if you were visually confirming the legitimacy of an address. For me, anytime I have faced this situation in the past I did what I think most people would do and that is to verify just the starting and ending digits which if that is what you do as well, at a quick glance the brain would suggest that these are the same addresses.
Now you might be thinking that "they are obviously different addresses" but let's be honest, do you think that because you already know that there is a difference based on where it is that you are reading this?
I think that most people's eyes aren't really good enough to verify huge amounts of digits in a row and if you are like me, you have likely been operating off of the "fact" that it has always been presumed that the opportunity for 2 addresses to be even remotely similar would be EXTREMELY SMALL. It is extremely small as it turns out and in order to end up with this address, according to the source that I read it from, it would have taken the hacker(s) 1,152,921,504,606,846,976 attempts to randomly end up with an address that had the same digits on the front and back end as well as have the wallet also be legitimate. Do you even know what such a number would be called? It's more than a thousand trillion so I don't think most people do know what to call it without looking the name of such a number up.
I don't even know how one does something like that and I am not going to look into it because I lack the resources to really attract any big hackers in my direction.
I will learn from this example though because even though I don't have anywhere near even 1BTC in any wallet, I do know that I would be devastated if I were to all of a sudden lose a bunch of it.
I guess I should start doing something like verifying a few digits in the middle, which i suppose could also be replicated with enough tries on the part of the hacker(s) but I think they will likely always just be aiming for the end digits.
I guess that at the end of the day all of us have to accept that it is us, and only us, that are responsible for protecting our assets. This whale certainly learned a lesson in those 80 minutes. Wow!
That is like a $70 million error ad a rude mistake at that. Sadly this is crypto and it is an easy thing to do and you just hope that whatever you do you will be more careful.
Like the cowboy guy below said, this should serve as a wake up call to all of us
Yeehaw partner, this post is a wake-up call to be vigilant and double-check those crypto addresses! It's all about protecting our assets in this wild digital frontier. Stay sharp and stay safe, cowboy!
Indeed, if it can happen to someone that involved, it can happen to any of us
Gather 'round, y'all! Share your tales and let the warmth of community lift your spirits. Happy Midweek, amigos!