Arbitrum Safe targeted by homograph attack

BumpyTale · March 11, 2024, 1:54pm

Our Arbitrum Safe 7/14 was targeted by a homograph attack, where the scammer generated an Ethereum address closely resembling a trusted address by changing a few characters. This tricked the signers into thinking the transaction is legitimate and it thus achieved the 7/14 threshold.

I assumed that only signers can initiate transactions so we’re wondering how this could happen? All of the signers are trusted and well-known so it’s hard to believe that the scam transaction has been set up by one of them.

This is the scam transaction. Fortunately the stolen amount was small.

BumpyTale · March 11, 2024, 2:24pm

The incident has been resolved. It’s a case of address spoofing/poisoning with the attacker using fake USDC and mimicking the currently active transaction.

So we didn’t sign this fraudulent transaction in reality. It only appears we did. I’ve seen such transactions before, but don’t understand how it works.

lukas · March 11, 2024, 7:22pm

Yeah, it’s quite a nasty was to try to trick people: Address Poisoning Scam: What You Need to Know and How to Protect… — Safe

Topic		Replies	Views
Multisig for incoming transactions❓ Infrastructure	2	421	August 20, 2022
How to create a safe on Arbitrum by retaining same Ethereum safe address and owners General Discussion	9	2300	November 16, 2023
Unable to recover signer address using api/v1/safes/{address}/multisig-transactions Wallet Web	2	325	July 13, 2023
Am I The Owner of This Safe General Discussion	5	542	March 23, 2023
Create Safe - Ethereum address from Safe - Optimism Address General Discussion	1	463	June 27, 2023

Arbitrum Safe targeted by homograph attack

Related Topics