
Harry wants to send 2 bitcoins to his mate Sam; he has interacted with Sam’s wallet address in the past, and their previous transactions have both incoming and outgoing transfers to Sam’s wallet. So, this time, Harry decides to copy the wallet address from the activity tab without giving much thought to the address and sends the bitcoin. This is a classic scenario of how address poisoning can occur.

Let’s understand how wallet addresses are generated and how a fraudster can take advantage of this.

  1. Random Address Generation:
    Wallet addresses are generated by cryptographic algorithms, and anyone can generate millions of random addresses. Fraudsters do this too, until they find one whose first and last characters match their intended victim’s wallet address.
  2. Customized Address Creation:
    Organized groups use vanity address generators (tools designed to create custom wallet addresses) to craft addresses that closely resemble the target address. These tools allow fraudsters to specify patterns, such as the first six or last four characters, to mimic a legitimate wallet.
  3. Token Manipulation:
    Fraudsters send fake tokens with misleading names (e.g., “USDT”), which can appear legitimate in your wallet interface but are not the actual tokens you use.

So, what is address poisoning and how does it work?

Address poisoning is a scam in which fraudsters send small amounts of crypto to a wallet from an address that looks similar to the victim’s own address or to an address the user regularly interacts with. The goal is to confuse the user into sending funds to the wrong address during subsequent transactions.

Try opening a wallet address in any of the exchanges; most of them will display only the first six and the last four characters of the address. By observing user behaviour, a fraudster can create a fake wallet address that closely resembles the user’s own or a trusted recipient’s address. When the fraudster sends a small amount of crypto to the user’s wallet, the look-alike address is introduced into the user’s transaction history, and the scam relies on the user’s habit of copying addresses from past transactions. If the user copies one of these addresses and sends money to it, the money is irretrievably lost.

Practical Example:

Imagine your wallet address is: 0x1234…EFGH

The fraudster generates a malicious address that looks like this: 0x1234…FGH1 or 0x1234…abcdEFGl (with a lowercase “L” instead of an uppercase “I”).

When viewing your transaction history, these addresses might appear almost identical to your legitimate recipient’s address. Since users typically only verify the first few and last few characters of a wallet address, it’s easy to mistake the fake address for the correct one.
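The truncated “first six … last four” view described above is exactly what a poisoned address is built to match. The following added example (not code from the original post) shows a defensive check a wallet or a user script could run over transaction history: it flags any counterparty that shows the same abbreviation as a labelled trusted address but is not that address. The addresses and address book are constructed sample data, not real ones; the comparison is case-insensitive and does not validate the EIP-55 checksum.

```python
# Added example: detect look-alike (poisoned) addresses in transaction
# history by comparing them against a labelled address book. The wallet
# UI abbreviation (first six / last four characters) is reproduced so the
# reader can see why the two addresses are easy to confuse.

def truncated_view(address: str, head: int = 6, tail: int = 4) -> str:
    """Render an address the way most wallets and exchanges abbreviate it."""
    return f"{address[:head]}...{address[-tail:]}"

def is_lookalike(candidate: str, trusted: str, head: int = 6, tail: int = 4) -> bool:
    """True when candidate displays the same abbreviation as trusted but is a
    different address. Case-insensitive, so 0xABCD and 0xabcd are the same."""
    c, t = candidate.lower(), trusted.lower()
    if c == t:
        return False          # the genuine address is never flagged
    return c[:head] == t[:head] and c[-tail:] == t[-tail:]

def flag_history(history: list[str], address_book: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (history address, label, trusted address) for every history
    entry that impersonates a labelled address."""
    hits = []
    for seen in history:
        for label, trusted in address_book.items():
            if is_lookalike(seen, trusted):
                hits.append((seen, label, trusted))
    return hits

# Constructed sample data (hypothetical addresses, 42 characters each):
# the genuine address, a poisoned one sharing its first six and last four
# characters, and an unrelated address that must not be flagged.
SAM = "0x1234" + "a1b2c3d4e5f60718293a4b5c6d7e8f90" + "ef01"
POISONED = "0x1234" + "00000000000000000000000000000000" + "ef01"
UNRELATED = "0x9999" + "ffffffffffffffffffffffffffffffff" + "0000"
ADDRESS_BOOK = {"Sam": SAM}
HISTORY = [SAM, POISONED, UNRELATED]

if __name__ == "__main__":
    for seen, label, trusted in flag_history(HISTORY, ADDRESS_BOOK):
        print(f"WARNING: {truncated_view(seen)} looks like '{label}' "
              f"but the full address differs from {trusted}")
```

Running it prints one warning for the poisoned entry; the genuine and unrelated addresses pass silently.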

Real-World Example:

One individual lost $71 million in wrapped bitcoin (wBTC) because they unknowingly sent funds to a poisoned address. This case underscores how even seasoned crypto users can fall victim to such attacks.

Prevention Methodologies

  1. Always copy from the source:
    Every single time, retrieve the wallet address directly from the recipient, not from your transaction history.
  2. Use Address Labels:
    Assign labels to frequently used addresses to avoid confusion.
  3. Enable Address Whitelisting:
    Restrict transactions to pre-approved addresses only.
  4. Verify Before Sending:
    Double-check the entire address before confirming any transaction. Be vigilant about subtle differences in characters.
  5. Stay Educated:
    Keep up with the latest scams and security best practices.

So next time you make a transfer to a wallet, always copy from the source and never from transaction history 🙂