Usually, when someone wants to perform a transaction online, they follow a typical pattern –
- They cross check whether the recipient’s details are correct.
- If the recipient is new, they first send a small amount to see if the receiver gets the payment.
- If the receiver successfully receives the token payment, the rest of the amount is sent.
Now, when it comes to crypto payments, the payment address is a long string of alphabets and numbers, and it becomes a bit cumbersome to manually verify the complete address before a transaction. This has led to people adopting a rather half-baked approach, where they verify only the first few and last few characters of the address. This is where the hackers’ exploit comes into play. Since most people ignore the middle characters, it becomes easy for them to manipulate the addresses to suit their nefarious intentions and the common man suffers in the process.
The way the hackers operate is that they send the test transaction to the actual receiver address, while the bulk remainder payment is then forwarded to a smart contract that receives the payment and then the hackers withdraw the same into their accounts.
