Emergence of a new crypto scam: What is Address Poisoning?

YEREVAN (CoinChapter.com) – There’s no shortage of scams in the crypto sphere. Rug-pull projects, unrealistic APYs, tricks to obtain people’s private keys, you name it. However, a new scam on the block is ‘address poisoning.’ How does it work, and how can users avoid it?

Address poisoning is easy to miss

Anyone who owns a crypto wallet has most likely noticed that each wallet has an address comprised of random numbers and letters. The hexadecimal code is, in fact, a double-edged sword. On the one hand, a potential culprit can never randomly guess the code, making it safe to use. But, on the other hand, the unintelligible code is extremely hard to remember.

That’s when the recognition mechanism of the brain kicks in. It is proven that even when reading, our brain recognizes the first and last few letters of a word, quickly filling in the blanks. That exact mechanism makes it harder to catch spelling mistakes within the center portion of a word. Spelling challenges aside, many users recognize a wallet number by the first and last few symbols.

So, what do we naturally rely on? Copying and pasting an address. Not to make mistakes, right? Additionally, the wallet addresses in a transaction log often appear shorter, the eternal battle of a long script on a small screen. Convenience makes us careless, and scammers, naturally, know that.

Also read: Logan Paul Threatens To Sue Coffeezilla over Zoo Token Scam Allegations.

How does the scam work in practice?

1. The unassuming user sends a transaction to their buddy. Nothing special; it is an everyday, not-large-scale transfer.
2. The scammer uses software that monitors transfers of certain tokens, most commonly stablecoins. Then, the culprit also uses a ‘vanity’ address generator that spits out an address closely matching your wallet or your buddy’s wallet.
3. Address poisoning culprit then sends a minuscule amount from their real wallet to the ‘dummy wallet’ they created, which mimics your address. More often than not, it can even be a zero-value transaction. By doing so, they “poison” your address.

Next time you need to copy-paste your wallet address, there’s a high chance you might slip up and copy the ‘dummy’ address instead. They are long, and you only remember the first and last few characters anyway, right?

Crypto transfers are, for the most part, immutable. Congratulations, you sent funds to another address instead of your own.

Protecting private information against the new scam is easy enough

Convenience is the enemy of security. Now repeat that again. Running the risk of entering a tinfoil-hat territory, if someone makes things convenient for users, they are bound to heighten the susceptibility to scams. Thus, winning back security would mean partially sacrificing time and energy.

Always double-checking the ENTIRE wallet address will help to avoid the scam. Additionally, poisoning an address does not prevent the rightful owner from using their wallet safely. Thus, the entire scam relies on human error, which puts the responsibility on the wallet owner. Double-checking every single transaction is enough not to bite the bait. Plus, it is a generally good habit in any sort of crypto-related activity.

Additionally, MetaMask support recommends using their Address Book feature.

Also read: Is AAX Exchange the Next Exit Scam in Crypto Sector?