A new cryptocurrency scam is on the rise, known as Address Poisoning. Criminals exploit the transparency of public blockchains to identify addresses that frequently transact with each other. By sending small amounts of cryptocurrency from addresses that look similar—but not identical—to one of the target’s usual counterpart addresses, scammers “poison” the transaction history of the target address. The hope is that the next time the victim attempts to send funds to a familiar address, they will unknowingly copy the “poisoned” string and mistakenly send funds to the scammer’s wallet, leading to financial loss.
Who would fall for such a scam? The reality is that more people are susceptible to falling victim than you might think, especially when criminals scale this technique. Just a few days ago, a trader lost approximately $68 million worth of cryptocurrency in a single transaction due to an address-poisoning scam.
The good news is that by following a few simple transfer hygiene principles, you can easily avoid becoming a victim of this scam. Additionally, Binance’s security team offers extra protection against Address Poisoning.
Address Poisoning: How Fake Addresses Deceive Users
When transferring cryptocurrency, the most important item is the wallet address, a long, random combination of uppercase and lowercase letters and numbers. This address is often difficult to remember, so users tend to copy-paste it from their transaction history without thoroughly checking it. They may only verify the first and last few characters but not the entire address. Scammers take advantage of this human weakness in Address Poisoning, employing methods like Zero U Poisoning and Head-Tail Address Phishing to deceive users.
Zero U Address Poisoning
Users who habitually copy wallet addresses from their transaction history should be cautious. Scammers typically monitor the transfer habits of their target and identify several frequently transacted addresses. Once this is done, they generate a wallet address that is very similar in appearance—matching the first and last few characters of the target’s regular addresses—and send small, low-value tokens or NFTs to the victim’s address.This causes the victim’s transaction history to contain these fraudulent addresses. If they don’t check carefully the next time they initiate a transfer, they might mistakenly copy the fraudulent address and send their cryptocurrency to the scammer’s wallet.
If you receive unknown or suspicious assets in your wallet, don’t panic. These assets won’t immediately harm your account, but it’s advised not to use or interact with any NFTs or tokens that appear suspicious, as scammers may hide malicious links in them.
How to Avoid Fake Address Scams
As with any scam, the best defense is knowledge and vigilance. Here are some practical tips to help you avoid falling victim to Address Poisoning and fake address scams:
Double-check the Address: Always verify the full recipient address, not just the beginning or the end.
Save Trusted Addresses: Use your wallet’s feature to save frequently used, trusted addresses and assign them nicknames or QR codes to avoid repetitive copying and pasting.
Use Name Services: Services like Ethereum Name Service (ENS) allow you to use a shorter, more recognizable address, making it harder for scammers to mimic.
Conduct Test Transactions: When transferring large amounts of digital assets, always send a small test transaction first to ensure the recipient address is correct.
Be Careful with Copy-Pasting: Malicious software can modify your clipboard content, replacing the address you copied with a scammer’s. Always recheck the address after pasting it, and consider manually entering part of the address.
Address poisoning scams are on the rise, highlighting the importance of staying vigilant in the digital asset space. By regularly verifying the recipient address, using wallet features to store trusted addresses, leveraging services like Ethereum Name Service (ENS), and conducting small test transactions, you can significantly reduce the risk of falling for these scams.
Proactive identification of fraudulent addresses and user alerts are also crucial in helping to warn people of potential scams. As threats continue to evolve, combining protective measures with ongoing scam awareness education is key to safeguarding your assets.