Cybercriminals keep coming up with ways to steal your crypto assets. Address poisoning attacks are one of them.
Read on as we discuss address poisoning attacks, how they work, the various types, and how to protect yourself against them.
What Are Address Poisoning Attacks?
Address poisoning attacks are a type of cryptocurrency scam where the attackers confuse wallet owners by sending them small amounts of crypto from wallet addresses similar to the target’s. In most cases, the fake address will have the first and last characters similar to the real address.
The scammers using this method understand that most users don’t memorize their addresses due to the lengthy nature of crypto wallet addresses. Instead, they copy and paste them when conducting transactions, leaving the door open for scammers to take advantage of users who may fail to notice the differences.
How Does Address Poisoning Work?
Address poisoning attacks involve four key steps. Here’s a breakdown:
- A typical transaction takes place. You complete a crypto transfer to a wallet you transact with regularly. The address might be yours or belonging to a known recipient.
- The scammer uses a vanity address generator to create a similar address. Scammers use this method to monitor the transfer of certain digital assets and identify regular transactions. Since public blockchains have transaction information on public ledgers, scammers can use services like Etherscan to find this information. The vanity address will be similar enough that a glance will assure you have the correct address.
- The scammer sends you some funds. The scammer will send you a small amount of crypto using the fake address. In some cases, the scammer will create a smart contract that sends tokens to zero amount to an address you transact with often. This will add it to your transaction history.
- The similarities in the addresses might lead you to copy the scammer’s address and paste it to complete a transaction. As a result, you fall prey to the scam and send funds to the fake address.
Types of Address Poisoning Attacks Explained
Let’s take a look at some of the different forms of address poisoning attacks.
Address Spoofing
The scammers create addresses that closely resemble a user’s frequently used ones. With users often copying and pasting addresses from their transaction history, they can copy the wrong address and send the funds to the scammer.
Fake Payment Addresses or QR Codes
Attackers can share QR codes for wallets that include minor changes to the encoded address, leading the victims to send funds to the scammer’s address.
Sybil Attacks
The attackers create multiple false nodes to take control of a blockchain network. They then modify data, jeopardize the network’s security, and trick users into sending funds to the wrong addresses.
Transaction Interception
Using malware on a user’s device or the network, the attacker intercepts valid crypto transactions and changes the destination address.
Phishing Attacks
Scammers build fake websites or emails resembling reputable wallet providers or exchanges. Unsuspecting users then get tricked into sharing sensitive information that the attackers can use to transfer funds from the victim’s wallet.
How to Avoid Address Poisoning Attacks
Avoiding address poisoning attacks requires diligence and extra steps to ensure wallet and transaction security. Here are some steps you can take:
Use a Name Service
Name services such as BSC Name Service (BNS) and Ethereum Name Service (ENS) are impossible to duplicate. Additionally, their short length will allow you to verify that you have the correct address each time.
Create a Contact List
Add the wallets you regularly transact with your contact list to avoid being tricked into sending funds to addresses with similar characters.
Set up Alerts
Alerts notify you of any activity involving your address, and you will be able to flag any suspicious transactions.
Exercise Caution
Avoid clicking on links from untrusted sources, and always double-check the addresses from previous transactions before copying them.
Use Air-Gapped Wallets
Keep your private keys offline with air-gapped crypto wallets. This minimizes your exposure to attackers.
With public blockchains, you cannot stop anyone from sending funds to your wallet. However, if you exercise extra caution by thoroughly verifying the details of every transaction, you minimize the chance of being a victim of an address poisoning attack.
Attackers rely on you executing transactions routinely without double checking to notice you are sending their funds to them. Take extra caution and research the various ways of improving the security of your cryptocurrency holdings.