The crypto market has surged in 2024, with trading volumes reaching $141.04 trillion. Unfortunately, scams have kept pace, and “address poisoning” has emerged as a highly effective tactic targeting both new and seasoned traders. This blog breaks down what address poisoning is, how it works, and how to protect yourself from this deceptive scam.
With cryptocurrencies reaching all-time highs and retail investors increasingly entering the market, scams targeting crypto holders have become more sophisticated. One of the latest threats is “Address Poisoning,” a subtle but effective scam aimed at deceiving unsuspecting investors. Here’s how the scam works and what you can do to protect yourself.
What is Address Poisoning?
Address poisoning is a scam that exploits the way cryptocurrency wallets record transaction history. The scammer sends a small amount of crypto (often just a fraction of a cent) to the victim’s wallet from an address that closely mimics one the victim recently interacted with. The goal is to “poison” the victim’s transaction history with a fake address, hoping they will mistakenly send funds to it in the future.
With the transparent nature of blockchain transactions, scammers can identify a target address and monitor its activity. Once they spot a pattern—such as repeated transactions with a particular wallet—they create and use a similar-looking wallet address to send a small amount of cryptocurrency to the victim. This fake address is designed to mimic the wallet the victim frequently interacts with, tricking them into selecting it in future transactions.
For example, say a user regularly transfers Ethereum from their Coinbase account to their MetaMask wallet. The genuine MetaMask wallet address is 0xABC123789XYZ. A scammer, observing these transactions on the blockchain, creates a fake Ethereum address that closely resembles the user’s wallet, such as 0xABC124789XVZ.
To execute the scam, the scammer sends a negligible amount of Ethereum (e.g., $0.01 worth) to the user’s wallet from this fake address. This action “poisons” the user’s transaction history by inserting the fake address alongside their legitimate ones.
Later, when the user wants to transfer more Ethereum from Coinbase to their MetaMask wallet, they quickly copy an address from their transaction history, mistakenly selecting the scammer’s fake address. Believing it to be their MetaMask wallet, they proceed with the transaction. Instead of going to their actual MetaMask wallet, the Ethereum is sent directly to the scammer’s wallet, resulting in a loss of funds.
The scam relies on human error and the assumption that transaction history is reliable. Many users copy-paste wallet addresses from their history without verifying each character, making them vulnerable to this attack.
A Painful $68M Case Study
In May 2024, a crypto whale lost an estimated $68 million in wrapped Bitcoin (WBTC). Scam Sniffer | Web3 Anti-Scam posted on Twitter (X) that “2 hours ago, another victim lost $68 million by copying the wrong address from a contaminated transfer history.”
In the image above, the addresses outlined in green indicate a transaction from this account to a trusted address. The addresses outlined in red are for a transaction from a phishing address to this account.
The victim: 0x1E227979f0b5BC691a70DEAed2e0F39a6F538FD5
The correct address the victim sent WBTC to: 0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91
The scam address added to the victim’s wallet: 0xd9A1C3788D81257612E2581A6ea0aDa244853a91
It’s likely that the victim mistakenly selected the address from their address book, relying only on the first and last few familiar characters for reference. Unfortunately, the address book had been compromised, containing a fake, poisoned address that led to the loss of funds.
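The two case-study addresses agree on their first four and last six hex characters, which is all a shortened address display shows. The following added example (not code from the original post) compares a candidate against a trusted list character by character and flags such look-alikes; the function names, the 4/4 thresholds and the sample history are assumptions made for illustration.

```python
def _hex(addr):
    """Normalise an Ethereum-style address: lowercase hex without the 0x."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def shared_ends(a, b):
    """Return (matching leading chars, matching trailing chars), ignoring 0x."""
    x, y = _hex(a), _hex(b)
    prefix = 0
    for cx, cy in zip(x, y):
        if cx != cy:
            break
        prefix += 1
    suffix = 0
    for cx, cy in zip(reversed(x), reversed(y)):
        if cx != cy:
            break
        suffix += 1
    return prefix, suffix

def classify(candidate, trusted, min_prefix=4, min_suffix=4):
    """Return ('trusted', addr), ('lookalike', addr) or ('unknown', None); thresholds are assumed."""
    for t in trusted:
        if _hex(candidate) == _hex(t):  # full-length comparison, every character
            return "trusted", t
    for t in trusted:
        p, s = shared_ends(candidate, t)
        if p >= min_prefix and s >= min_suffix:  # same ends, different middle
            return "lookalike", t
    return "unknown", None

def scan(history, trusted):
    """Return (sender, imitated_address) for each look-alike sender in history."""
    verdicts = [(sender, classify(sender, trusted)) for sender, _amount in history]
    return [(s, match) for s, (v, match) in verdicts if v == "lookalike"]

# The two addresses from the case study above.
TRUSTED = ["0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91"]
POISON = "0xd9A1C3788D81257612E2581A6ea0aDa244853a91"
# Constructed history of (sender, amount); amounts and the third address are made up.
HISTORY = [(TRUSTED[0], 1.5), (POISON, 0.0), ("0x" + "11" * 20, 0.25)]

if __name__ == "__main__":
    for sender, match in scan(HISTORY, TRUSTED):
        print("look-alike of", match, "->", sender, shared_ends(sender, match))
```

Running a check like this over incoming transfers surfaces poisoned entries before anyone copies from the history, and the full-length equality test in `classify` is the same comparison a whitelist performs.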
How to Protect Yourself?
Staying informed about the latest crypto scams and practicing good trading hygiene are essential to safeguarding your assets. When it comes to crypto address poisoning, following these steps will help ensure your assets remain secure and protected from this deceptive scam.
- Slow Down & Pay Attention: Never rush through a trade. Every trade needs to be closely reviewed and all transaction addresses (and amounts) double checked for accuracy.
- Never Copy an Address from Your Transaction History: Avoid using your transaction history to copy wallet addresses. Scammers can manipulate it through address poisoning, leading to accidental transfers to fraudulent addresses.
- Use Blockchain Domains for Your Address: Consider using blockchain domains (e.g., ENS for Ethereum or Unstoppable Domains) for your wallet address. These domains allow you to link a human-readable name (e.g., yourname.eth) to your wallet, reducing the chances of errors or confusion when sending funds. By relying on a verified domain, you bypass the need to manage long and complex wallet addresses.
- Double-Check Every Address: Always verify the full wallet address before initiating a transaction. Every number. Not just the last few digits. Even small variations in characters can indicate a scam.
- Be Cautious of Small, Unsolicited Transactions: Unexplained deposits in your wallet, especially in tiny amounts, could be an indication of an address poisoning attempt. Treat them as a red flag.
- Enable Whitelisting Features: Platforms that offer whitelisting features allow you to restrict transactions to pre-approved addresses. Utilize this feature whenever possible for additional security.
- Stay Informed About Scams: The crypto space evolves quickly, and so do the tactics of scammers. Regularly update your knowledge and share insights with others to help create a more secure community.
By implementing these measures, including using blockchain domains, you can significantly reduce your risk of falling victim to address poisoning and other scams. Always prioritize security and double-check every detail before making a transaction.
About brandsec
brandsec is a team of highly experienced domain name management and online brand protection experts. We provide corporate domain name management and brand enforcement services, helping brands eliminate phishing platforms across the internet. Supporting some of the largest brands in the region, we offer innovative solutions to combat threats across multiple industries.