In address poisoning, scammers exploit absentmindedness when copying and pasting wallet addresses.
MetaMask notified the crypto community of a new type of scam called “address poisoning” in a recent post.
The scam was rated as “rather innocuous compared to other scam types.” However, the company warned that address poisoning still has the potential to dupe unsuspecting users into losing funds.
“Address poisoning is an attack vector that, in contrast to other scams — which often use methods that have served many scammers so well, such as unlimited token approvals, phishing for your Secret Recovery Phrase, etc. — relies on user carelessness and haste above all else.”
How “address poisoning” works
Address poisoning centers on wallet addresses being long hexadecimal numbers that are difficult to remember and easy to mistake for other, similar addresses.
Stay in the know on crypto by frequently visiting Crypto News Today
Crypto addresses are often shortened to show the first few characters, a blank, and then the last few. Scammers exploit the tendency to trust the familiarity of the first and last few characters.
When transacting, the usual routine consists of copying and pasting an address. Many wallet providers, including MetaMask, feature a one-click function to copy an address.
Address poisoning exploits users’ inattention at this point in the transaction process. Specifically, scammers observe and track transactions of particular tokens, with stablecoins commonly targeted. Then, using a “vanity” address generator, the scammer will create an address that closely matches the target address, especially the first and last few characters.
The scammer sends a transaction of nominal value from the newly generated address to the target address; at this point, the latter becomes poisoned.
In the future, when wishing to send a transaction, the user may mistakenly copy the wrong address based on the familiarity of the first and last few characters. Once executed, the funds end up with the scammer.
“And since on-chain transactions like this are immutable (cannot be altered once confirmed), the lost funds will be irretrievable.”
MetaMask explains how to stay safe
Unfortunately, the nature of public blockchains means anyone, including scammers, can send transactions to any address if they choose.
MetaMask reiterated the importance of checking every address character when sending funds, not just the first and last few.
“Develop a habit of thoroughly checking every single character of an address before you send a transaction. This is the only way to be completely sure you’re sending to the right place.”
Other strategies to avoid falling victim to address poisoning include not using transaction history to copy addresses, whitelisting frequently used addresses to avoid copying and pasting altogether, and using test transactions, especially when transferring large sums.
Read More at CRYPTOSLATE
Please Read Essential Disclaimer Information Here.
© 2022-2023 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.
Consider Donating to CryptoCaster℠ Via Wallet Coin/Token Addresses Below.
BTC – bc1qgdnd752esyl4jv6nhz3ypuzwa6wav9wuzaeg9g
ETH – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
MATIC – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
LITECOIN – ltc1qxsgp5fykl0007hnwgl93zr9vngwd2jxwlddvqt