Florence Finance, a real-world asset lending project, recently fell victim to a sophisticated phishing attack resulting in a substantial loss of $1.45 million.
This incident serves as a stark reminder of the vulnerabilities that crypto projects face in the ever-evolving landscape of digital finance.
In a strategic move, scammers exploited a common phishing technique known as Address Poisoning.
This involves creating a wallet address that closely resembles a legitimate one and relying on users' tendency to use autofill features or to only glance at their address book.
The attackers capitalized on human error, diverting funds to their wallet instead of the intended recipient.
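A recipient check that compares the full address against an address book and flags near-matches is one defence against this. The sketch below is an added example, not code from Florence Finance or Cyvers; the addresses are constructed, and the 4-character head/tail window is an assumption about how wallet interfaces truncate addresses.

```python
"""Flag recipients that imitate a trusted address only at its visible ends."""
from __future__ import annotations

def _body(addr: str) -> str:
    """Lower-cased 40-character hex body without '0x'; raises on malformed input."""
    a = addr.strip().lower()
    if a.startswith("0x"):
        a = a[2:]
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def is_lookalike(candidate: str, trusted: str, head: int = 4, tail: int = 4) -> bool:
    """True when candidate differs from trusted but shares the first `head` and
    last `tail` hex characters (the assumed truncated-display window)."""
    c, t = _body(candidate), _body(trusted)
    return c != t and c[:head] == t[:head] and c[-tail:] == t[-tail:]

def check_recipient(recipient: str, address_book: dict[str, str]) -> tuple[str, str | None]:
    """Return ('trusted', label), ('lookalike', imitated label) or ('unknown', None).
    The trusted match is made on the whole address, never a shortened form."""
    r = _body(recipient)
    for label, addr in address_book.items():
        if _body(addr) == r:
            return ("trusted", label)
    for label, addr in address_book.items():
        if is_lookalike(recipient, addr):
            return ("lookalike", label)
    return ("unknown", None)

# Constructed sample data; none of these addresses come from the incident.
ADDRESS_BOOK = {"treasury": "0x1a2b" + "3c" * 16 + "9f8e"}
POISON = "0x1a2b" + "d4" * 16 + "9f8e"   # same ends, different middle
UNRELATED = "0x" + "77" * 20

if __name__ == "__main__":
    for addr in (ADDRESS_BOOK["treasury"], POISON, UNRELATED):
        verdict, label = check_recipient(addr, ADDRESS_BOOK)
        print(f"{addr[:6]}...{addr[-4:]}  {verdict:9}  {label or '-'}")
```

Both the trusted and the poisoned sample address print as `0x1a2b...9f8e`, which is why the verdict has to come from the full-string comparison rather than from what the interface displays.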
The funds, initially stolen through the phishing wallet 0xB087, were moved through subsequent wallets, ultimately reaching 0x88E2.
This wallet then facilitated the transfer of funds to THORChain after converting them to Ethereum (ETH).
The project's team has not issued a statement on its official X account to apologize for the incident, which has left many quite surprised.
Florence Finance is one of the many DeFi projects that have been targeted by hackers and scammers in recent months.
In early October, Friend.tech users complained of hacks that involved SIM swap attacks, an instance where hackers intercept 2FA codes on the user’s phone to complete a transaction.
According to a report by CipherTrace, DeFi-related hacks and frauds have accounted for 21% of the total cryptocurrency thefts and losses in 2023, amounting to $474 million.
The report also warned that phishing attacks are becoming more sophisticated and prevalent, as hackers exploit the lack of regulation and security in the DeFi sector.
Deddy Lavid, co-founder and CEO of Cyvers, emphasized the orchestrated nature of the attack, highlighting the imperative for heightened vigilance and advanced security protocols in the digital finance sector.
The investigation revealed the need for collaborative efforts to fortify security infrastructure and prevent future phishing incidents.
Cyvers is actively collaborating with Florence Finance to enhance its security protocols and prevent future phishing incidents.
In an industry where multi-million dollar attacks are becoming commonplace, these collaborative efforts and proactive security measures are crucial to safeguarding digital assets.