{"id":76140,"date":"2023-03-24T14:34:19","date_gmt":"2023-03-24T12:34:19","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=76140"},"modified":"2025-09-10T15:38:54","modified_gmt":"2025-09-10T12:38:54","slug":"hackers-steal-500000-from-arbitrum-users-through-vanity-address-spoofing","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hackers-steal-500000-from-arbitrum-users-through-vanity-address-spoofing\/","title":{"rendered":"Hackers steal $500,000 from Arbitrum users through vanity-address spoofing"},"content":{"rendered":"<p>Unknown actors during the Arbitrum airdrop that began yesterday siphoned $500,000 by forging vanity addresses of legitimate token recipients. This drew attention from Twitter users.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Someone made $500k+ by claiming Arbitrum airdrop with hacked vanity addresses <a href=\"https:\/\/t.co\/aSWmx7MySS\">pic.twitter.com\/aSWmx7MySS<\/a><\/p>\n<p>\u2014 jq (@jackqack) <a href=\"https:\/\/twitter.com\/jackqack\/status\/1638933532763381765?ref_src=twsrc%5Etfw\">March 23, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Vanity addresses <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-stole-an-additional-950000-due-to-profanity-vulnerability\"> are vulnerable to brute force<\/a> \u2014 a systematic enumeration of all possible character combinations. Hackers created wallets that mirrored those entitled to receive ARB tokens, and directed the coins to them.<\/p>\n<p>Affected users are attempting to resolve the issue on their own.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Dear <a href=\"https:\/\/twitter.com\/kucoincom?ref_src=twsrc%5Etfw\">@kucoincom<\/a> my stolen <a href=\"https:\/\/twitter.com\/search?q=%24ARB&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ARB<\/a> token has been transferred to your exchange by the hacker. How can you help?<\/p>\n<p>\u2014 CryptoLord NE ?? (@CryptoDefiLord) <a href=\"https:\/\/twitter.com\/CryptoDefiLord\/status\/1638936617996959744?ref_src=twsrc%5Etfw\">March 23, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to analytics firm Nansen, participants in the airdrop have already received more than 914 million ARB or 79% of the total 1.1 billion ARB allocated for distribution in the first phase. 138,671 addresses have not yet claimed governance tokens.<\/p>\n<p>The ARB airdrop that began on March 23 caused network congestion, temporarily rendering the Arbitrum Foundation sites and the on-chain explorer Arbiscan unavailable.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unknown attackers during the Arbitrum airdrop that began yesterday siphoned $500,000 by forging vanity addresses of legitimate token recipients.<\/p>\n","protected":false},"author":1,"featured_media":76141,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1158,1335,44],"class_list":["post-76140","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-airdrops","tag-arbitrum-arb","tag-cybercrime"],"aioseo_notices":[],"amp_enabled":true,"views":"20","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/76140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=76140"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/76140\/revisions"}],"predecessor-version":[{"id":76142,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/76140\/revisions\/76142"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/76141"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=76140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=76140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=76140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}