“Address Poisoning” is a new cryptocurrency scam that deceives users into transferring funds to other wallets instead of the intended recipient.
While it’s not the most aggressive cryptocurrency scam, Address Poisoning still tricks many into funding crypto fraudsters. Fortunately, it is easy to detect and avoid even by the least tech-savvy users.
What is Address Poisoning?
Crypto users should be familiar with the wallet’s transaction list, which contains all the “Send” and “Receive” transfers. This list provides details on the token type and the transferred amount. It also includes a short form of the addresses involved in the transaction. Let’s take Ethereum’s example, which addresses look something like this “0x213…52b7.” And it is the latter data providing fraudsters with a reason to deceive users.
Scammers “poison” the wallet’s transaction history with addresses that take the same form. However, in their case, the tiny dots hide entirely different digits than the original ones. As a result, they confuse users into sending funds to the wrong addresses.
The fraudsters target long hexadecimal addresses when monitoring the blockchain network for new transactions. According to MetaMask, (a wallet service provider that warned its users about the scam too) they track specific transfers involving particularly lucrative tokens. Next, they select a target and use a vanity address generator to create addresses similar to those used by the wallet owners. Generally, the address repeats the first and last characters while keeping the middle ones close to the originals.
This process takes less than a minute to complete. The scammer then sends the victim a tiny amount of cryptocurrency. Sometimes, the transaction may not contain any crypto, but it is enough to log itself in the wallet’s history.
Most crypto wallets provide a one-click function to copy the long address from their transaction history. However, the original address and the poisoned one look identical in their short forms. Therefore, the user has a 50/50 chance of copying the scammer’s address when sending funds in a future transaction. From there on, the scammer sits back and hopes the user will not discover their wallet is poisoned and send them the crypto intended for someone else.
How to Avoid the Address Poisoning Scam?
After warning users about the new scam, MetaMask also provides an easy solution against Address Poisoning. You can avoid becoming a victim of the scam just as easy as the fraudsters use it against you. Simply put, users must check every single character in the wallet address they wish to fund.
Moreover, users should look out for incoming, unexpected transactions from similar addresses to those in their wallets’ history. Usually, these dummy transactions contain negligible amounts of crypto or even $0. Upon discovering these transactions, revisit the transaction lists and identify the poisoned addresses.
Lastly, users should remember that transactions on the blockchain are irreversible. This means that sending funds to the incorrect address will result in forever lost capital. Therefore, you must take all precautions and double-check addresses in their entirety before transferring cryptocurrency.
MetaMask is one of the most popular providers of crypto storage solutions. Therefore, it is unsurprising that scammers target their users frequently, as was the case with last year’s phishing scam. Nevertheless, the wallet provider is always quick to alert its users of new threats and how to avoid them.
There are many cryptocurrency scams, with new ones popping up almost daily. So, remember to stay safe when navigating the crypto space.