
Florence Finance Loses $1.45 Million in Address Poisoning Attack on RWA Lending Protocol

The decentralized finance ecosystem suffered yet another security breach as Florence Finance, a real-world asset (RWA) lending protocol, fell victim to an address poisoning attack that resulted in the loss of approximately $1.45 million worth of USDC. The incident, reported by blockchain security firm PeckShield, highlights the growing sophistication of social engineering tactics deployed against DeFi protocols and their operators.

The Exploit Mechanics

Address poisoning, also known as address spoofing, is a deceptive technique that exploits human oversight rather than smart contract vulnerabilities. In the Florence Finance attack, the perpetrator first generated a wallet address that closely resembled the protocol’s legitimate transaction partner address — sharing identical first and last characters while differing in the middle segments.

The attacker then sent a small amount of fake or dust tokens from this spoofed address to the Florence Finance treasury wallet. This transaction appeared in the protocol’s transaction history, creating a convincing decoy. When the Florence Finance team initiated a legitimate transfer of $1.45 million in USDC, they inadvertently copied the attacker’s address from their transaction history instead of the intended recipient, routing the funds directly to the scammer.

This type of attack preys on the common practice of copying wallet addresses from recent transaction records rather than verifying each character independently. With Ethereum-style addresses spanning 42 characters, most users only glance at the first few and last few characters — exactly the elements that the attacker matched.

Affected Systems

Florence Finance operates as a lending protocol focused on real-world asset tokenization, bridging traditional finance instruments with DeFi infrastructure. The protocol allows users to supply liquidity that is deployed against tokenized real-world assets such as invoices and credit instruments.

The $1.45 million USDC loss represents a significant portion of the protocol’s operational capital. USDC, as a fully-reserved stablecoin pegged to the US dollar, is the primary medium of exchange within the Florence Finance ecosystem. The attack compromised the protocol’s ability to process lending operations at full capacity during a period when Bitcoin was trading around $37,831 and the broader crypto market was experiencing renewed bullish sentiment.

The breach occurred during November 2023, which has emerged as the worst month for crypto hacks in 2023, with over $363 million stolen across multiple incidents. High-profile exploits including the Poloniex hack ($100 million) and the KyberSwap Elastic vulnerability ($48 million) contributed to a devastating month for DeFi security.

The Mitigation Strategy

Following the detection of the attack, blockchain security analysts recommended several immediate countermeasures. First and foremost, protocols should implement address verification systems that compare the full destination address character-by-character before executing high-value transfers. Automated whitelist contracts can ensure that funds only flow to pre-approved addresses that have undergone multi-signature verification.

Additionally, DeFi teams are advised to implement secondary confirmation steps for transactions exceeding a specified threshold. This could include a time-lock mechanism that delays execution by several hours, providing a window for review and potential cancellation. Hardware wallet integrations with address book features offer another layer of protection by storing verified addresses independently of the transaction history.

Industry-wide solutions being explored include ENS (Ethereum Name Service) adoption for protocol-level addresses, reducing reliance on hexadecimal strings. Some security firms have also developed browser extensions that detect and flag suspiciously similar addresses in transaction histories.
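The following Python is an added illustration, not Florence Finance's code or any vendor's tool: it shows the prefix/suffix match from The Exploit Mechanics section being caught in a transaction history, and the character-by-character whitelist check plus above-threshold second approval recommended above. All addresses and history entries are constructed, and the two-approver rule stands in for a real multi-signature flow.

```python
import re

# Constructed sample addresses (not real on-chain data). POISON shares the
# first 4 and last 4 hex characters of LEGIT but differs in the middle,
# which is exactly what an address-poisoning decoy relies on.
LEGIT = "0xab581111222233334444aaaabbbbccccdddd9c3e"
POISON = "0xab58ffff0000ffff0000ffff0000ffff00009c3e"
OTHER = "0x1234567890abcdef1234567890abcdef12345678"

# Constructed treasury history: the attacker's zero-value dust transfer
# sits right beside the genuine counterparty's earlier payment.
HISTORY = [
    {"tx": "0x01", "counterparty": LEGIT, "usdc": 250_000.0},
    {"tx": "0x02", "counterparty": POISON, "usdc": 0.0},  # dust decoy
    {"tx": "0x03", "counterparty": OTHER, "usdc": 10.0},
]

ADDR_RE = re.compile(r"^0[xX][0-9a-fA-F]{40}$")

def normalize(addr: str) -> str:
    """Lower-case an EVM address after checking it is 0x plus 40 hex chars."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"malformed address: {addr!r}")
    return addr.lower()

def is_lookalike(candidate: str, trusted: str, prefix: int = 4, suffix: int = 4) -> bool:
    """True when two addresses differ but share the prefix/suffix a user glances at."""
    c, t = normalize(candidate)[2:], normalize(trusted)[2:]
    return c != t and c[:prefix] == t[:prefix] and c[-suffix:] == t[-suffix:]

def flag_poisoned_history(history, trusted):
    """Return (tx, suspicious address, trusted address it imitates) for each decoy."""
    hits = []
    for entry in history:
        for t in trusted:
            if is_lookalike(entry["counterparty"], t):
                hits.append((entry["tx"], normalize(entry["counterparty"]), normalize(t)))
    return hits

def authorize_transfer(to: str, usdc: float, whitelist, threshold: float = 100_000.0, approvals: int = 1) -> str:
    """Full-string whitelist match first, then a second-approver rule above the threshold."""
    dest = normalize(to)
    if dest not in {normalize(w) for w in whitelist}:
        return "rejected: destination is not on the verified whitelist"
    if usdc > threshold and approvals < 2:
        return "pending: above threshold, second approval required"
    return "approved"
```

Run over the constructed history, `flag_poisoned_history` reports only the dust decoy, and `authorize_transfer` refuses the decoy outright because the whitelist comparison uses the whole string rather than the visible ends.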

Lessons Learned

The Florence Finance incident reinforces a critical reality: the weakest link in DeFi security is often human rather than technical. While smart contract audits and formal verification protect against code-level exploits, address poisoning attacks bypass these defenses entirely by targeting operational practices.

Protocols managing large treasuries must treat address verification with the same rigor applied to smart contract security. The cost of implementing robust address verification infrastructure is negligible compared to the potential losses from a single successful poisoning attack.

The attack also underscores the importance of real-time monitoring tools. Blockchain analytics platforms like PeckShield, CertiK, and Cyvers can detect suspicious address patterns and alert protocols before funds are transferred. Early warning systems that flag newly created addresses matching existing counterparties could have prevented this $1.45 million loss entirely.

User Action Required

For users interacting with DeFi protocols, the Florence Finance hack serves as a stark reminder to verify every transaction destination thoroughly. Never copy wallet addresses directly from transaction histories without cross-referencing the full address string. Use address books built into hardware wallets or trusted software wallets, and enable any available address verification features on the platforms you use. If you are a liquidity provider on Florence Finance or similar RWA protocols, monitor official communications for updates on remediation efforts and any planned compensation distributions. Stay vigilant — as the crypto market continues to rally with Bitcoin above $37,000 and Ethereum near $2,050, the incentive for attackers only grows stronger.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any DeFi protocol.


8 thoughts on “Florence Finance Loses $1.45 Million in Address Poisoning Attack on RWA Lending Protocol”

  1. 1.45m gone because someone copy-pasted from transaction history. not even a smart contract bug, just human error. brutal

    1. rekt_onc_ $1.45M gone from a copy paste error. no smart contract exploit needed. the human element is always the weakest link

    2. ^ the dust tx trick is slick. most people never verify the full middle characters of an address before hitting send

      1. nonce_wraith the dust tx trick works because most wallets only show first and last 4 chars. hardware wallets with full address display should be mandatory for treasuries

    3. $1.45m and they couldn't afford a $200 hardware wallet with address book features. this is treasury management 101

      1. hardware wallet with address book would have prevented this entirely. $200 device saves $1.45M. the ROI is insane

  2. Address poisoning is one of those things that sounds dumb until it happens to your team. The spoofed addresses are genuinely hard to spot when you are moving fast.

    1. worked in ops for a defi protocol. we started requiring full address paste from a secure doc, no copying from history. takes 10 extra seconds but prevents exactly this
