Ah true but I should try again today then

TLDR: Address poisoning is a thing.
Paper: arxiv.org/abs/2501.16681
Real-time website: cryptotrade.cylab.cmu.edu/poisoning/
Real-time twitter bot:
x.com/toxin_tagger
(no BlueSky bot yet, sorry, soon I hope)
(7/7 end)

We simulated the lookalike address generation process across various software- and hardware-based implementations. One large attacker group appears to use GPUs for this attack! The paper also discusses some defenses. (6/7)

We discovered a few large attack entities using clustering techniques. Larger groups are vastly profitable and win against smaller attack groups. We uncovered some attack strategies, such as populations they target, success conditions, and cross-chain attacks. (5/7)

We developed a detection system and performed measurements on two years of ETH and BSC. We identified 13x the number of attack attempts reported previously—in all, 270M on-chain attacks targeting 17M victims. 6,633 incidents have caused at least 83.8M USD in losses. (4/7)

The attacker generates “lookalike” addresses that resemble the victim’s recipient’s address, engages with the victim to “poison” the transaction history, and fools the victim into sending their assets to the attacker by mistake. (3/7)

Background: Crypto wallet addresses are usually impossible to memorize. As a result, users often select addresses from their recent transaction history, which facilitates phishing-like attacks: blockchain address poisoning. (2/7)

Details: it's likely that there are some symbol mismatches between some homebrew libraries linked against old OpenGL libs and the new OpenGL shipping with Sequoia. This drove me nuts. So I'm posting this here in hopes people don't waste their time. Oh, and don't ask an LLM, they're clueless.