Address Poisoning: How the New Crypto Scam Works

May 15, 2024 | Crypto Scam Defense, Fraud

Have you ever wondered how big the scam industry is? The rise in cryptocurrency fraud has become a major worry due to its misleading simplicity and deadly consequences. Recently, a new tactic called address poisoning has become one of the most complex strategies used by fraudsters, and it led to a crypto trader losing $68 million in one such scam.

Address poisoning is a scam that targets cryptocurrency users. As we look more closely at the mechanics of address poisoning, we need to understand how it works and what precautions must be taken to avoid falling victim to this costly deception.


What Is an Address Poisoning Scam?

Address poisoning is a scam where fraudsters create fake cryptocurrency wallet addresses that closely resemble legitimate ones. The goal is to trick users into mistakenly sending funds to these deceptive addresses, believing they are transacting with known contacts.

How Does an Address Poisoning Scam Work?

Address poisoning is a well-planned scam that goes through a series of clever steps, each designed to trick the victim into losing their digital assets, such as Bitcoin and Ethereum. 

Below are the details of how scammers carry out this scam:

1-Identification of the Victims

Scammers start by identifying their potential victims. They use blockchain explorers, tools that allow anyone to view all transactions and wallet addresses on a blockchain network. These scanners help scammers find active wallet addresses and analyze transaction patterns, making it easier to choose targets.

2-Crafting False Addresses

Once a target is picked, the scammer uses a custom address generator to create a new wallet address. This tool enables the creation of an address that closely mimics the target's, which typically contains 42 characters and might be easily confused with the address of a known contact.

The fake address often differs by only a few characters, and the difference is usually subtle enough to be undetectable to the naked eye, effectively setting the stage for deception.

3-Initiating Fraudulent Transactions

With the fake address ready, the scammer sends small amounts of cryptocurrency to the victim’s wallet from this address. This step is the most important one, as it causes the fake address to appear in the victim’s transaction history, posing as a family member or legitimate contact.

4-Victims Mistakenly Send Crypto to Scammers

When the victim prepares to send cryptocurrency, they may inadvertently select the scammer’s address from their history, mistaking it for the address of a trusted recipient. Since the addresses look almost identical, it is easy to make this mistake, especially if the victim is in a hurry or not paying much attention.

5-Irreversible Transaction

Once the transaction is made, the scam is complete. Blockchain transactions are irreversible; once funds are transferred to the scammer’s address, they cannot be recovered. This permanent loss is what makes address poisoning particularly devastating.


How to Avoid an Address Poisoning Scam

Security is more than a precaution, especially in the world of cryptocurrencies. Address poisoning scams take advantage of slight differences between wallet addresses and can cause significant losses, so users need to adopt strong security practices to protect their digital assets.

Here are some effective measures to avoid being a victim of address poisoning:

  • Clipboard Vigilance: Be aware of malware that can alter the contents of your clipboard, a common trick used by hackers. After copying an address, always double-check that the pasted output matches the original copied address. Consider typing a few characters manually to ensure the address has not been swapped out.
  • Update and Secure Software: Regularly update your wallet software and any security applications. These updates often contain patches for vulnerabilities that could be exploited by attackers or scammers. Ensure your device’s operating system and any related security software are also up-to-date.
  • Every Character Counts: Always carefully inspect each character of a cryptocurrency address before making any transaction. Although this process can be tedious, ensuring every character matches is essential for your security.
  • Use Advanced Wallet Features: Many wallets offer features that can improve your security, such as address books, where you can save and label addresses of trusted contacts. Using these features prevents typing mistakes and helps you quickly verify the legitimacy of the addresses you frequently transact with.
  • Implement Transaction Verification Protocols: For large transactions, do a small test transfer first to confirm the accuracy of the recipient’s address. After the test, verify the transaction details with the recipient through a separate communication channel before proceeding with the full amount.
  • Adopt QR and Domain Verification Methods: To avoid the risk of typing errors or falling for visually similar spoofed addresses, use QR codes for transactions when possible.
  • Simplify Transactions with ENS Usernames: Where possible, use services like ENS to simplify transactions. These services allow you to use simple, memorable usernames instead of long, complex wallet addresses, reducing the chance of errors.
  • Securely Manage Unwanted Cryptos: Be cautious with unsolicited tokens or cryptos that appear in your wallet. Interacting with these could trigger malicious contracts. If you receive unexpected tokens, do not move them; instead, hide them from your wallet’s display to avoid accidental interactions.
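The lookalike mechanism described in the steps above, and the "Every Character Counts" and address-book measures in this list, can be automated. The following is an added example, not code from the original article or from any wallet; it assumes Ethereum-style 42-character hex addresses, a comparison window of the first and last four characters, and constructed sample addresses and labels.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")  # 42-character Ethereum-style address

def normalize(addr):
    """Lower-case a 42-character hex address; reject anything malformed."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 42-character hex address: {addr!r}")
    return addr.lower()

def lookalike_of(addr, trusted, head=4, tail=4):
    """Return the label of a trusted address that addr imitates, else None.

    Wallet UIs often show only the first and last few characters, so an
    address that matches a trusted one there but differs elsewhere is suspect.
    """
    a = normalize(addr)
    body = a[2:]
    for label, t in trusted.items():
        t = normalize(t)
        if a != t and body[:head] == t[2:2 + head] and body[-tail:] == t[-tail:]:
            return label
    return None

def classify_recipient(addr, trusted):
    """Classify a pasted recipient as 'trusted', 'lookalike:<label>' or 'unknown'."""
    a = normalize(addr)
    if any(a == normalize(t) for t in trusted.values()):
        return "trusted"  # full 42-character match against the address book
    hit = lookalike_of(a, trusted)
    return f"lookalike:{hit}" if hit else "unknown"

def poisoned_history_entries(history, trusted):
    """Return history rows whose counterparty imitates a trusted address."""
    return [row for row in history if lookalike_of(row["counterparty"], trusted)]

# Constructed sample data (hypothetical label and addresses, not real wallets).
ADDRESS_BOOK = {"alice": "0x1a2B" + "c3" * 16 + "9F8e"}
SPOOF = "0x1a2b" + "00" * 16 + "9f8e"  # same first/last 4 hex chars, different middle
HISTORY = [
    {"counterparty": ADDRESS_BOOK["alice"], "value": 1.5},
    {"counterparty": SPOOF, "value": 0.0},  # the planted small transfer
    {"counterparty": "0x" + "7d" * 20, "value": 0.2},
]
```

A recipient classified as `lookalike:<label>` should block the send until the full address is confirmed with the contact through a separate channel.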

FAQs About Address Poisoning Scams

On Which Blockchains Is the Address Poisoning Scam Taking Place?

Address poisoning scams occur on any blockchain that uses account-based systems, such as Ethereum. They are also common on blockchains like Polygon (MATIC), Tron (TRX), Tezos (XTZ), Solana (SOL), and Binance Smart Chain (BNB). 

These blockchains are particularly vulnerable due to their lower transaction costs, which allow scammers to execute the scam widely and economically.

If I notice a strange ‘Sent’ or ‘Fees’ transaction in my history, could it be address poisoning?

Yes, address poisoning might appear as a normal transaction labeled as ‘Received’, or it could show up as a ‘Sent’ or ‘Fees’ transaction in your history.

Can I safely keep tokens sent by scammers in my wallet?

Yes, you can keep them, but make sure you don’t interact with these tokens. Do not send them anywhere or try to delete them, as this might activate a hidden malicious function. Instead, you can simply hide these tokens from your wallet’s display to avoid seeing them.


Recent Developments in Address Poisoning Scams

$71 million address poisoning attack involving Wrapped Bitcoin (WBTC)

In recent developments, a notable address poisoning scam involving Wrapped Bitcoin (WBTC) resulted in a loss of $71 million. Fortunately, the victim managed to recover nearly all the stolen funds. The recovery was made possible through a collaborative effort involving blockchain cybersecurity firm Match Systems and the Cryptex exchange.

Despite the initial financial setback, the successful recovery highlights the effectiveness of rapid response and the importance of collaboration between cybersecurity experts and financial platforms in addressing such sophisticated cryptocurrency scams.

Improved Defenses in Crypto Transactions: A Call for Extra Security

The cited case of address poisoning highlights a major, ongoing issue in the cryptocurrency space: the sophistication and severity of scams. Address poisoning exploits both technological weaknesses and user error, underlining the urgent need for increased awareness and security precautions among cryptocurrency users. 

The event highlights the risks associated with digital assets and emphasizes the need for stronger defensive measures to protect investments from fraud. Additionally, it underscores the importance of reporting any suspicious activity and of building a well-informed and collaborative community as keys to improving both individual and collective protection.
