RWA Protocol Florence Finance Loses $1.45M in Address Poisoning Attack

On Nov. 30, blockchain security firm PeckShield reported that Florence Finance had been attacked.

The protocol has reportedly lost $1.45 million in USDC in an attack called “address poisoning.” At the time of writing, there were very few details about the hack and nothing on the Florence Finance X (Twitter) feed or Telegram channel.

#PeckShieldAlert #FlorenceFinance fell victim to a #AddressPoisoning scam, resulting in a loss of ~$1.45M $USDC.
Intended address: 0xB087cfa70498175a1579104a1E1240Bd947f5870
Phishing address: 0xB087269DE7ba93d0Db2e12ff164D60F0b3675870 pic.twitter.com/x1BJ77lhFv

— PeckShieldAlert (@PeckShieldAlert) November 30, 2023

Address Poisoning

PeckShield reported that the transaction was sent to a phishing address instead of the intended address.

“This is an example of a scammer creating an address that resembles one to which the intended victim had previously sent funds.”

The addresses are very similar, with the same beginning and end characters used to dupe the victim into sending to it without paying attention to the full address.

The attackers use an address generator to create a nearly identical address to the target’s wallet address.

They will then send a tiny amount of crypto from the newly-created matching address wallet to the target’s wallet to poison the transaction history.

The victim then mistakingly copies the poisoned address from transaction history instead of its own records and sends money to the hacker’s wallet.

According to reports, malicious actors have been abusing Ethereum’s ‘Create2’ function to bypass wallet security alerts and poison addresses. This has led to the theft of around $60 million in crypto from almost 100,000 accounts in six months.

Florence Finance is an Arbitrum-based real-world asset DeFi lending protocol that enables users to borrow digital assets against their real-world collateral.

According to the documentation, it uses stablecoin commitments to fund loans to real-world businesses and distributes the real-world yield back to the stablecoin funders.

Big Month for DeFi Exploits

November has been a busy month for DeFi and crypto hackers. On Nov. 30, PeckShield also reported that the Uranium Finance attacker was moving funds.

#PeckShieldAlert #UraniumFinance exploiter-labeled address has transferred 800 $ETH (~$1.6M) to #tornadocash pic.twitter.com/XkqYV83YwX

— PeckShieldAlert (@PeckShieldAlert) November 30, 2023

According to the De.Fi Yield Rekt Database, millions in crypto assets have been lost this month to hacks and exploits.

These include KyberSwap losing $45 million in a flash loan attack on Nov. 23 and HTX losing $21 million in an access control exploit on Nov. 22.

Furthermore, Heco Bridge was exploited for $86 million this month, and Onyx Protocol lost $2 million in a flash loan attack.