Address Poisoning (Crypto)

Address poisoning in crypto is a scam where a thief tries to trick a crypto wallet owner into sending funds to the scammer’s address.

Advertisements

It is rooted in a similarly-themed attack over local area networks (LAN), known as address resolution protocol poisoning.

In this article, we will focus on address poisoning in relation to cryptocurrencies.

How Does Address Poisoning in Crypto Work?

Address poisoning scammers look to take advantage of the carelessness and haste of some crypto wallet owners. Here is how it works:

  1. Target identification

Crypto blockchains are public and transparent in nature. The transactions carried out by a wallet address are visible to everyone.

An address-poisoning scammer looks for wallet addresses that interact regularly with each other. It could be friends or family members sending cryptocurrencies and NFTs to each other.

  1. Address generation

Let’s assume that you and your friend Ryan regularly send tokens to each other. The scammer has identified the pair of you as their target.

The scammer will use a vanity address generator to create a wallet address that closely resembles your or Ryan’s wallet address.

Crypto wallet addresses can be as long as 42 alphanumeric characters, which makes them difficult to remember. Most crypto wallet users have fallen into the short-cut trap of checking the first and last four characters.

The address-poisoning scammer looks to exploit this habit. The scammer will aim to generate a fake address with the same first and last four characters as the victim’s wallet address.

  1. Address poisoning 

Now that the fake address is ready, the scammer will send a small amount of crypto or NFTs (or even a $0 token transaction) to the victim’s wallet address.

The victim’s transaction history has now been “poisoned.” The deceitful transaction will appear on the victim’s wallet transaction history. 

The scammer hopes you or Ryan will copy-paste the scam address from the transaction history and send funds to the scam address instead of the legitimate one.

  1. The Sting

By the time the victim realizes their mistake, it will be too late to recover the lost cryptocurrencies.

 

Address Poisoning: How to Protect Yourself?

Here are some steps to avoid becoming a victim of address poisoning attacks:

  1. Double-check addresses

Following this first step will nip the address poisoning scam in its bud. Checking every single character of the wallet address before sending cryptocurrencies from your wallet is the most effective way to avoid becoming a victim of address poisoning.

  1. Avoid copying addresses from transaction history, and save regular contacts.

Never copy wallet addresses from transaction history when sending funds. 

When sending cryptocurrencies from centralized exchanges like Binance and Coinbase, you can save verified wallet addresses and assign nicknames to the address. This prevents you from having to copy-paste a wallet address whenever you send funds to your personal wallet or your family and friends.

When using self-custodial wallets like MetaMask and Coinbase Wallet, you can scan the QR code of the recipient’s wallets to ensure that the funds go to the right person. 

You can also add your frequently used addresses to your wallet address book on MetaMask.

Lastly, using Ethereum Name Service (ENS) usernames can secure and simplify sending and receiving cryptocurrencies from one wallet to another.

  1. Test transactions

To be fully safe and secure about your transaction, you can conduct a test transaction by sending a small amount of crypto to the receiver’s address. 

This method is helpful when the transaction value is high. However, the sender will have to pay gas fees for two transactions instead of one.

  1. Hiding unwanted cryptocurrencies and NFTs

Self-custodial wallet user may have noticed random cryptocurrencies and NFTs being sent to their addresses by unknown entities. You should ‘hide’ these unwanted tokens in your wallet. Most wallets have this feature.

Hardware wallet maker Ledger recommends users not transfer or send these unwanted tokens to another account or to burn addresses. Any interaction with these suspicious tokens may trigger a potentially malicious smart contract.

The Bottom Line

On a positive note, address poisoning in crypto is a scam that users can easily protect against. Users need to be aware of the strategies that address poisoning scammers use so that they can protect themselves.

However, the human nature of carelessness and haste can cause us to become absent-minded and fall for such scams.

Anyone can be a victim, even regulators. In 2023, the US Drug Enforcement Administration (DEA) fell for an address poisoning scam and lost $55,000 worth of stablecoin tether (USDT). 

Before we end this article, we want to remind crypto wallet users that attackers cannot access their wallets and funds without the secret recovery phrase.

Therefore, it is imperative to protect your wallet’s secret recovery phrase and never disclose its contents to anyone.

Advertisements
Related Question
How can a local area network (LAN) be secured? Crypto Coins vs. Tokens: What’s the Difference?

Related Terms

Latest Blockchain Terms

Related Reading

Mensholong Lepcha
Mensholong Lepcha

Mensholong Lepcha is a financial journalist specializing in cryptocurrencies and global equity markets. He has worked for reputed firms such as Reuters and Capital.com. Fascinated with blockchain technology, NFTs, and the contrarian school of investing, Mensholong has expertise in analyzing tokenomics, price movement, and technical details of Bitcoin, Ethereum, and other blockchain networks. He has also written articles on a wide range of financial topics including commodities, forex, central bank monetary policies, and other economic news.

Related News

dummy_img
Blockchain

Lessons From When the DEA Lost $55,000 in a Crypto Scam

Mensholong Lepcha12 hours
dummy_img
Artificial Intelligence

AI Needs To Be Explainable When It Enters the Classroom

Dr. Tehseen Zia12 hours
dummy_img
Artificial Intelligence

Will ChatGPT Mean An End to Human Moderation Jobs?

Kaushik Pal12 hoursTechnology Writer
dummy_img
Blockchain

Why ‘ReFi’ is the Latest Word in the $35tn Sustainable Investing Market

Assad Abbas12 hoursTenured Associate Professor of Computer Science at COMSATS University
dummy_img
Cryptocurrency

Crypto Tech is Changing All Traditional Industries – Here’s How

Arthur Cole12 hoursTechnology Writer
dummy_img
Blockchain

Not So Black And White: Exploring Grayscale’s Victory in Spot Bitcoin ETF Case

Sam Cooling12 hoursCrypto & Blockchain Writer

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
Trading
Trading
VoIP
VoIP
VPN
VPN