Cointime

MetaMask Warns of ‘Address Poisoning’ Wallet Scam

MetaMask notified the crypto community of a new type of scam called “address poisoning” in a recent post.

The scam was rated as “rather innocuous compared to other scam types.” However, the company warned that address poisoning still has the potential to dupe unsuspecting users into losing funds.

“Address poisoning is an attack vector that, in contrast to other scams — which often use methods that have served many scammers so well, such as unlimited token approvals, phishing for your Secret Recovery Phrase, etc. — relies on user carelessness and haste above all else.”

How “address poisoning” works

Address poisoning relies on the fact that wallet addresses are long hexadecimal strings that are difficult to remember and easy to mistake for other, similar addresses.

Crypto addresses are often shortened to show the first few characters, a blank, and then the last few. Scammers exploit the tendency to trust the familiarity of the first and last few characters.

When transacting, the usual routine consists of copying and pasting an address. Many wallet providers, including MetaMask, feature a one-click function to copy an address.

Address poisoning exploits users’ inattention at this point in the transaction process. Specifically, scammers observe and track transactions of particular tokens, with stablecoins commonly targeted. Then, using a “vanity” address generator, the scammer will create an address that closely matches the target address, especially the first and last few characters.

The scammer sends a transaction of nominal value from the newly generated address to the target address; at this point, the latter becomes poisoned.

Later, when the user wants to send a transaction, they may mistakenly copy the wrong address because its first and last few characters look familiar. Once the transaction is executed, the funds end up with the scammer.

“And since on-chain transactions like this are immutable (cannot be altered once confirmed), the lost funds will be irretrievable.”

MetaMask explains how to stay safe

Unfortunately, the nature of public blockchains means anyone, including scammers, can send transactions to any address if they choose.

MetaMask reiterated the importance of checking every address character when sending funds, not just the first and last few.

“Develop a habit of thoroughly checking every single character of an address before you send a transaction. This is the only way to be completely sure you’re sending to the right place.”

Other strategies to avoid falling victim to address poisoning include not using transaction history to copy addresses, whitelisting frequently used addresses to avoid copying and pasting altogether, and using test transactions, especially when transferring large sums.
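The whitelist check described above can be automated. The following is an added example, not code from MetaMask or from the original article: it compares a recipient against a whitelist in full and flags any address that only matches a whitelisted entry in its shortened form. The addresses, labels, display lengths and function names are all constructed assumptions.

```python
from __future__ import annotations
import string

PREFIX_LEN = 6  # assumption: hex characters shown after "0x" in a shortened address
SUFFIX_LEN = 4  # assumption: hex characters shown at the end

def normalize(addr: str) -> str:
    """Lower-case and validate a 20-byte hex address (checksum casing is ignored)."""
    a = addr.strip().lower()
    body = a[2:]
    if not a.startswith("0x") or len(body) != 40 or any(c not in string.hexdigits for c in body):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def shortened(addr: str) -> str:
    """The abbreviated form a wallet UI typically displays."""
    a = normalize(addr)
    return f"{a[:2 + PREFIX_LEN]}...{a[-SUFFIX_LEN:]}"

def check_recipient(candidate: str, whitelist: dict[str, str]) -> tuple[str, str | None]:
    """Return ("trusted", label), ("lookalike", imitated label) or ("unknown", None)."""
    cand = normalize(candidate)
    trusted = {normalize(a): label for a, label in whitelist.items()}
    if cand in trusted:  # full, character-for-character match
        return "trusted", trusted[cand]
    for addr, label in trusted.items():
        if shortened(addr) == shortened(cand):  # same ends, different middle
            return "lookalike", label
    return "unknown", None

def poisoned_history_entries(history: list[dict], whitelist: dict[str, str]) -> list[str]:
    """Senders of incoming transfers that imitate a whitelisted address."""
    return [tx["from"] for tx in history
            if check_recipient(tx["from"], whitelist)[0] == "lookalike"]

# Constructed sample data (not real addresses).
TRUSTED = "0x" + "a1b2c3" + "0" * 30 + "9f3e"
LOOKALIKE = "0x" + "a1b2c3" + "7" * 30 + "9f3e"  # same first 6 and last 4 characters
OTHER = "0x" + "d4" * 20
WHITELIST = {TRUSTED: "exchange deposit"}
HISTORY = [  # incoming transfers; the nominal-value one comes from the lookalike
    {"from": OTHER, "value": 250.0},
    {"from": LOOKALIKE, "value": 0.0},
]

if __name__ == "__main__":
    for addr in (TRUSTED, LOOKALIKE, OTHER):
        print(shortened(addr), check_recipient(addr, WHITELIST))
    print("poisoned history entries:", poisoned_history_entries(HISTORY, WHITELIST))
```

Both the trusted and the lookalike address render as the same shortened string, which is why only the full comparison separates them.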
