Arbitrum Safe targeted by homograph attack

Our Arbitrum Safe 7/14 was targeted by a homograph attack, where the scammer generated an Ethereum address closely resembling a trusted address by changing a few characters. This tricked the signers into thinking the transaction is legitimate and it thus achieved the 7/14 threshold.

I assumed that only signers can initiate transactions so we’re wondering how this could happen? All of the signers are trusted and well-known so it’s hard to believe that the scam transaction has been set up by one of them.

This is the scam transaction. Fortunately the stolen amount was small.

1 Like

The incident has been resolved. It’s a case of address spoofing/poisoning with the attacker using fake USDC and mimicking the currently active transaction.

So we didn’t sign this fraudulent transaction in reality. It only appears we did. I’ve seen such transactions before, but don’t understand how it works.


Yeah, it’s quite a nasty was to try to trick people: Address Poisoning Scam: What You Need to Know and How to Protect… — Safe