In address poisoning, scammers exploit absentmindedness when copying and pasting wallet addresses.
MetaMask notified the crypto community of a new type of scam called “address poisoning” in a recent post.
The scam was rated as “rather innocuous compared to other scam types.” However, the company warned that address poisoning still has the potential to dupe unsuspecting users into losing funds.
“Address poisoning is an attack vector that, in contrast to other scams — which often use methods that have served many scammers so well, such as unlimited token approvals, phishing for your Secret Recovery Phrase, etc. — relies on user carelessness and haste above all else.”
How “address poisoning” works
Address poisoning centers on wallet addresses being long hexadecimal numbers that are difficult to remember and easy to mistake for other, similar addresses.
Crypto addresses are often shortened to show the first few characters, a blank, and then the last few. Scammers exploit the tendency to trust the familiarity of the first and last few characters.
When transacting, the usual routine consists of copying and pasting an address. Many wallet providers, including MetaMask, feature a one-click function to copy an address.
Address poisoning exploits users’ inattention at this point in the transaction process. Specifically, scammers observe and track transactions of particular tokens, with stablecoins commonly targeted. Then, using a “vanity” address generator, the scammer will create an address that closely matches the target address, especially the first and last few characters.
The scammer sends a transaction of nominal value from the newly generated address to the target address; at this point, the latter becomes poisoned.
In the future, when wishing to send a transaction, the user may mistakenly copy the wrong address based on the familiarity of the first and last few characters. Once executed, the funds end up with the scammer.
“And since on-chain transactions like this are immutable (cannot be altered once confirmed), the lost funds will be irretrievable.”
MetaMask explains how to stay safe
Unfortunately, the nature of public blockchains means anyone, including scammers, can send transactions to any address if they choose.
MetaMask reiterated the importance of checking every address character when sending funds, not just the first and last few.
“Develop a habit of thoroughly checking every single character of an address before you send a transaction. This is the only way to be completely sure you’re sending to the right place.”
Other strategies to avoid falling victim to address poisoning include not using transaction history to copy addresses, whitelisting frequently used addresses to avoid copying and pasting altogether, and using test transactions, especially when transferring large sums.
© 2022-2023 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.
Support CryptoCaster with any amount of Bitcoin by copying and pasting our Unstoppable Domain; villagewest.crypto in your sending wallet or crypto coin exchange.
Your contribution support will help in our growth, coverage, and global presence. CryptoCaster is a decentralized publisher “Covering a Global Evolution Re-defining Mediums Of Exchange”. We will continue to upgrade and create impactful sections to our lineup.
Any amount, as often as you can contribute will be greatly appreciated.
Every contribution, however big or small, is so valuable for our future. Thank you for your consideration and support!
Member of Global Meta Media Consortium℠ – www.g2mc.world