Arbitrum Safe targeted by homograph attack

BumpyTale · March 11, 2024, 1:54pm

Our Arbitrum Safe 7/14 was targeted by a homograph attack, where the scammer generated an Ethereum address closely resembling a trusted address by changing a few characters. This tricked the signers into thinking the transaction is legitimate and it thus achieved the 7/14 threshold.

I assumed that only signers can initiate transactions so we’re wondering how this could happen? All of the signers are trusted and well-known so it’s hard to believe that the scam transaction has been set up by one of them.

This is the scam transaction. Fortunately the stolen amount was small.

BumpyTale · March 11, 2024, 2:24pm

The incident has been resolved. It’s a case of address spoofing/poisoning with the attacker using fake USDC and mimicking the currently active transaction.

So we didn’t sign this fraudulent transaction in reality. It only appears we did. I’ve seen such transactions before, but don’t understand how it works.

lukas · March 11, 2024, 7:22pm

Yeah, it’s quite a nasty was to try to trick people: Address Poisoning Scam: What You Need to Know and How to Protect… — Safe

Topic		Replies	Views
Multisig for incoming transactions❓ Infrastructure	2	495	August 20, 2022
Request for Feedback on “Chain Abstraction with Safe and ERC-4337” Featuring P2P Liquidity Network General Discussion	1	68	November 19, 2024
[Discussion] Compromised Safe has allocated airdrop, how to solve? Safe Guardians	8	1694	December 15, 2023
Subject: Urgent Help Needed - Unexpected Transactions from My Wallet Safe Ecosystem	3	481	August 17, 2023
How to create a safe on Arbitrum by retaining same Ethereum safe address and owners General Discussion	10	3529	September 24, 2024

Arbitrum Safe targeted by homograph attack

Related topics