From: thepipeline_xyz

Address poisoning is a type of attack in the crypto space where malicious actors exploit the way cryptocurrency addresses are displayed and how users interact with their transaction histories [00:00:00].

What is an Address Poisoning Attack?

An address poisoning attack occurs when an attacker monitors an individual’s crypto transactions [00:00:11]. Upon detecting an incoming or outgoing transaction, the attacker immediately sends a small transaction to the victim’s wallet [00:00:13]. The crucial element of this attack is that the address used by the attacker is crafted to look very similar to a legitimate address the victim has previously interacted with, such as their own second wallet or a frequently used recipient’s address [00:00:16].

How it Works

  1. Monitoring Transactions [00:00:11]: Attackers watch public transaction ledgers, for example through a block explorer such as Etherscan, to identify users and their transaction patterns [00:00:07].
  2. Crafting a Similar Address [00:00:18]: The attacker creates an address that closely mimics a legitimate one used by the victim. This often involves ensuring the fake address has the same initial and final characters as the genuine address (e.g., both start with “0x11” and end in “563FD”) [00:00:23]. This tactic exploits the fact that many block explorers or wallet interfaces truncate the middle part of long addresses, showing only the beginning and end [00:00:33].
  3. Sending a “Poisoning” Transaction [00:00:13]: The attacker sends a minimal amount of crypto (e.g., 0 ETH) from this similar-looking address to the victim’s wallet. This transaction then appears in the victim’s transaction history [00:00:09].
  4. Victim’s Mistake [00:00:37]: If the victim is not paying close attention, they might scroll through their transaction history to find an address they want to send money to. Seeing the similar-looking address from the attacker’s poisoning transaction, and possibly mistaking it for their own or a trusted recipient’s address, they might inadvertently copy it [00:00:39].
  5. Fund Loss [00:00:50]: The victim then sends a large amount of money to this copied, fraudulent address, unknowingly sending their funds directly to the attacker [00:00:50].

Consequences

Many individuals have fallen victim to these attacks, resulting in the loss of substantial amounts of cryptocurrency [00:00:51].

Prevention

To protect against address poisoning attacks:

  • Be Aware [00:00:54]: Understand that these types of fraudulent transaction tactics exist.
  • Verify Directly [00:00:57]: Always copy and paste addresses from their direct, original source (e.g., your wallet’s send function for your own address, or a trusted contact’s direct communication). Do not rely on past transaction history for copying addresses, especially if you have had multiple small transactions [00:00:57].
  • Exact Match Verification [00:01:03]: Before confirming any transaction, meticulously verify that the entire address you are sending to is the exact address you intend [00:01:03]. It’s recommended to check not just the first and last few characters, but several characters throughout the address.
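
The exact-match check above can be automated before a send. The following is an added example, not code from the original video or from any wallet: it compares a candidate recipient against an address book and flags an address whose truncated display matches a trusted entry while the full address differs. The function names, the 6-and-5 character truncation and all addresses are assumptions constructed for illustration.

```python
# Added example. Every address below is a constructed sample value.
HEX = set("0123456789abcdef")

def normalize(addr):
    """Lower-case a 0x-prefixed 20-byte hex address; reject anything else."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def truncate(addr, head=6, tail=5):
    """Shorten an address the way many explorers and wallets display it."""
    return f"{addr[:head]}...{addr[-tail:]}"

def check_recipient(candidate, trusted, head=6, tail=5):
    """Classify candidate against an address book {label: address}.

    Returns ("exact", label), ("lookalike", label) or ("unknown", None).
    "lookalike": truncated forms are identical, full addresses differ.
    """
    cand = normalize(candidate)
    book = {label: normalize(addr) for label, addr in trusted.items()}
    for label, addr in book.items():
        if addr == cand:
            return "exact", label
    for label, addr in book.items():
        if truncate(addr, head, tail) == truncate(cand, head, tail):
            return "lookalike", label
    return "unknown", None

def poisoned_entries(history, trusted):
    """Return history entries whose sender imitates a trusted address."""
    return [tx for tx in history
            if check_recipient(tx["from"], trusted)[0] == "lookalike"]

# Constructed data: same first and last characters, different middle.
GENUINE = "0x11ab" + "c4" * 15 + "7" + "563FD"
LOOKALIKE = "0x11ab" + "9e" * 15 + "0" + "563fd"
UNRELATED = "0x" + "5f" * 20
TRUSTED = {"my second wallet": GENUINE}
HISTORY = [
    {"from": UNRELATED, "value_eth": 1.25},
    {"from": LOOKALIKE, "value_eth": 0.0},  # the poisoning transfer
    {"from": GENUINE, "value_eth": 0.4},
]

if __name__ == "__main__":
    for tx in HISTORY:
        print(truncate(tx["from"]), check_recipient(tx["from"], TRUSTED))
```

A "lookalike" result is the signal to stop and re-copy the address from its original source rather than from transaction history.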