The Florence Finance project, a credit lending project based on real-world assets, has suffered a complex phishing attack that resulted in approximately 1.45 million USDC loss. The attack was carried out through address poisoning, exposing the security vulnerabilities faced by crypto projects. This highlights the urgency for enhanced security measures in the digital finance sector.
Address poisoning is a common phishing technique that played a significant role in the Florence Finance attack. These attacks are known as malicious strategies to manipulate network behavior. They pose risks such as traffic redirection, service disruption, or unauthorized access to sensitive data.
Defending against address poisoning requires constant vigilance in detecting and mitigating potential threats through strong cybersecurity measures. Meir Dolev, co-founder and CTO of Cyvers, explained that this method involves creating an address that closely resembles a legitimate wallet address used by the victim.
Attackers can trick users into selecting the fake address by making slight changes to a few characters of the original address, relying on human error. In such cases, people mistakenly send the money to the attacker’s wallet.
Following the phishing incident, the hackers transferred the funds through multiple wallets and eventually converted them to Ethereum (ETH) before transferring to THORChain. Despite the suspicious transactions occurring on Sunday, Florence Finance has not made any public statements on Twitter to the community.
