Address poisoning, also known as address spoofing, is a way scammers and cybercriminals can poison or infiltrate your transaction history through dummy transactions. It's a relatively new crypto/Web3 scam, and this article explains how it works, its effects and how to avoid it.
What is crypto address poisoning?
Address poisoning is a crypto wallet scamming method where a scammer tries to confuse a crypto trader or wallet owner by sending them small amounts of crypto through a fake wallet address very similar to theirs or someone they usually trade with. They do this to trick the wallet owner into sending funds to the scammer's address.
It's important to note that while this method is less dangerous than other scams, it can still lead to financial losses.
How Crypto Address Poisoning Works
Cryptocurrency address poisoning happens in the following three steps:
Step 1: Address Duplication
Crypto transactions are recorded on a public ledger/record known as the blockchain. This transparency allows anyone to access transaction histories by using a block explorer.
A block explorer is like a search engine for a blockchain. You can use it to find out all kinds of information like block history, crypto transactions, wallet addresses, etc. Basically, it's a tool that gives you a lot of data about what's happening on the blockchain in real-time, including different addresses associated with different transactions.
Scammers use the Block Explorer to gather wallet addresses, check their transaction history on the blockchain, and create fake wallet addresses, also called 'vanity addresses’, closely resembling those of their potential victims.
Because crypto addresses are a long string of letters and numbers that are hard to memorise or remember, they can create (fake) addresses with the same first and last few characters as their potential victims.
Step 2: Address Poisoning
After generating these fake addresses, scammers employ them to send tokens to their potential victims, thus creating a transaction history that closely resembles the victim's own address or that of their usual trading partners.
These tokens (and NFTs) the scammers send are usually of low value and small in amount. Due to their low transaction fees, address poisoning commonly occurs on blockchains such as Binance Smart Chain, Ethereum, and Polygon.
Step 3: Cryptocurrency Rerouting
The final stage of this scam occurs when the wallet owner unknowingly copies the scammer's address and sends crypto to them, believing it to be their own or that of a trusted friend or business partner.
Alternatively, it may occur when the victim unintentionally shares the fake address with someone who intends to send them cryptocurrencies like BTC, USDT, ETH, or other coins.
The Effect of Address Poisoning
Address poisoning has two significant negative effects on victims:
Traders can lose their crypto or other digital assets
Once a trader falls victim to successful address poisoning, they might unknowingly transfer hundreds or even thousands of dollars worth of crypto before realising what's happening. Unfortunately, recovering these funds is nearly impossible, as blockchain transactions are irreversible.
Address poisoning makes crypto traders vulnerable to other scams
Once your address gets poisoned, the scammer can take things further by sending you NFTs linked to destructive malware or phishing sites. Moreover, they can launch dust attacks on your wallet or account to obtain your personal information and subsequently blackmail you.
Address poisoning, phishing and crypto dusting are all branches of the same crypto scammer tree, trying to steal from unsuspecting traders.
How Obiex Can Help You Avoid Address Poisoning
At Obiex, we prioritise your security and provide features that help safeguard your assets:
Save Address Feature
Our mobile and web app allows you to save frequently used addresses. This way, you don't have to rely on copying and pasting addresses every time you trade.
Crypto Sending via Username
Our username feature lets you conveniently send cryptocurrencies to other traders on the Obiex app. This eliminates the need to remember complex addresses and reduces the chances of falling victim to address poisoning.
Extra Tips to Avoid Crypto Address Poisoning
Double and Triple-Check Addresses
Always exercise caution and verify addresses carefully before sending any crypto. Take the time to double and triple-check the receiver’s address to ensure it is accurate.
Test with Small Amounts
To add an extra layer of security, consider sending a small amount of crypto to the receiver’s address as a test to ensure it is correct. Although it may cost additional gas fees, it's a small price to pay compared to the potential losses resulting from sending your crypto to the scammer’s wallet.
To Sum Up
Address poisoning takes advantage of how difficult it is for traders to recall their full wallet address and the human carelessness that sometimes happens when trading. This type of scam can happen to everyone. However, a poisoned address can still be used without loss of funds if the owner always double-checks addresses or saves their addresses on apps like Obiex.