What Is Address Poisoning? Everything You Need to Know

What Is Address Poisoning? Everything You Need to Know

Despite hacks and scams regularly hogging the spotlight for the bigger part of 2022, overzealous fraudsters came up with a new method to steal money from crypto wallets. Address poisoning is a new phishing attack that involves changing the Secret Recovery Phrase, then modifying the transaction history. The main difference between address poisoning and the usual scamming technique is that address poisoning heavily relies on the user’s carelessness.

.tweet-container,.twitter-tweet.twitter-tweet-rendered,blockquote.twitter-tweet{min-height:261px}.tweet-container{position:relative}blockquote.twitter-tweet{display:flex;max-width:550px;margin-top:10px;margin-bottom:10px}blockquote.twitter-tweet p{font:20px -apple-system,BlinkMacSystemFont,”Segoe UI”,Roboto,Helvetica,Arial,sans-serif}.tweet-container div:first-child{
position:absolute!Important
}.tweet-container div:last-child{
position:relative!Important
}

function lazyTwitter(){var i=function(t){if(!t)return;var n=t.getBoundingClientRect();return 2500>n.top||-2500>n.top};if(!i(document.querySelector(“.twitter-tweet”)))return;var s=document.createElement(“script”);s.onload=function(){};s.src=”//platform.twitter.com/widgets.js”;document.head.appendChild(s);document.removeEventListener(“scroll”,lazyTwitter);document.removeEventListener(“touchstart”,lazyTwitter);console.log(“load twitter widget”)}document.addEventListener(“scroll”,lazyTwitter);document.addEventListener(“touchstart”,lazyTwitter);lazyTwitter()

How Address Poisoning Works

The leading DeFi crypto wallet provider MetaMask penned a long blog post warning crypto enthusiasts around the globe to double-check the crypto wallet addresses and spread the word about address poisoning to prevent money loss. Firstly, the culprit exploits the victim’s transaction history. For address poisoning to work in full effect, the fraudster generates similar ‘vanity’ addresses to the one a user has.

Indeed, crypto wallet addresses are very hard to remember, because of the cryptographically generated hexadecimal numbers. Hackers tend to instill these new addresses in the counterfeit transaction history, and usually, there’s no visual difference between the actual crypto wallet address and the fake one.

Secondly, once the scammer has created a similarly-looking crypto wallet address, the evildoer sends a transaction of a small value to the newly created dummy wallet. After this happens, the user’s crypto wallet is ‘poisoned.’ This is because the transaction history on MetaMask or any other DeFi wallet shows the hacker’s new address, which is visually unidentifiable as different. Most crypto enthusiasts visually indicate their wallet by the starting and ending characters, while the middle part of an address is rarely remembered.

Finally, this creates an opportunity for the hacker to contaminate the wallet dummy addresses. The next time the unsuspecting user tries to copy the crypto wallet address from the transaction history, the funds might end up in the almost identically-looking hacker’s wallet.

How to Prevent Address Poisoning

Luckily, there are a few go-to methods to prevent the bad actors of crypto from stealing your money. Naturally, the easiest solution to this problem is simply double-checking the crypto wallet addresses before sending the funds. Here are two more advanced workarounds for crypto enthusiasts fearing getting contaminated with address poisoning.

1) Use an address book

In most cases of address poisoning, having an address book instead of copying crypto wallet addresses from personal transaction history should solve the problem. The feature can be accessed on MetaMask by going to Settings > Contacts.

In this way, there are two issues immediately fixed. Firstly, the wallet owner won’t have to copy-paste the addresses, erasing the possibility of copy-pasting the bogus address. Moreover, the address book requires confirmation before putting addresses on it. The hapless hackers cannot change the addresses submitted by the wallet owner.

2) Use a cold wallet

Another effective way of rescuing oneself from the hassle of trying to retrieve lost crypto funds has a cold wallet. Hence, a self-custody wallet not connected to the internet is less susceptible to fraudulent phishing attacks by evil computer geniuses. On top of that, cold hardware wallets form a habit of checking and confirming every transaction sent.

Besides, the second layer of security in such a case could be ‘test transactions.’ These are carried out by sending a nominal amount of money and then waiting for the confirmation that the recipient’s address is indeed the correct one. However, test transactions are unpopular among the crypto community, as it requires double the gas fees.

On the Flipside

  • Having a cold hardware wallet reduces the chances of getting hacked.
  • However, there’s been reports that cybercriminals managed to poison cold wallet addresses.
  • Hence, there’s no way to stop scammers from sending money to your crypto wallet.
  • A habit of “continual scrutiny” is recommended by MetaMask.

Why You Should Care

While ‘address poisoning’ is a relatively new scamming technique, 2022 was one of the most active years in crypto hacks and scams. Ultimately, the crypto transgressors tend to carry out phishing exploits in most cases.

Back to Top
Close Zoom
Don't push your luck