What is address poisoning and what can crypto investors do to avoid such attacks
Address poisoning is highly dependent on the carelessness of the user, as a user who is lazy or in a hurry is likely to copy the crypto wallet address from the transaction history to transfer money.
Given that the cryptocurrency sector is still in its early stages of development, the security governing blockchain technology is not as advanced as it could be. As a result, hackers often exploit loopholes to prey on inexperienced cryptocurrency investors and traders.
While certain crypto scams can be caught using automated software or chain trackers, a relatively new scam technique known as “address poisoning” disguises itself in such a way that it’s virtually impossible to detect if you’re negligent.
Address poisoning is not as devastating as phishing attacks, upgrade scams and investment scams, but it can still drain resources. Let’s find out what address poisoning is and how it is performed.
What is Crypto Address Poisoning?
Address poisoning is a fraud method where malicious actors send the victim a small amount of crypto or an NFT from an address that shares the first and last characters with the victim’s address. The scammer then hopes that the victim will mistakenly copy this “fraud address” for future transactions, believing it to be their own. This will eventually send money to the scammer’s address instead of the desired account.
Since crypto addresses are a combination of alphanumeric characters that are difficult to remember, hackers generate similar-looking addresses using open source tools such as Profanity to trick the user.
Usually, crypto users do not check the entire address string, only the first and last characters. Even some crypto exchanges and providers show only the first and last characters to make addresses easier to work with. This is the loophole that fraudsters take advantage of.
So when you check your transaction history and copy an address you think is yours by only looking at the first and last four characters but skipping the middle part, you can fall into a hacker’s well-planned trap and end up sending money to them. This is how address poisoning is performed.
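The check that defeats this trick is a full-string comparison against addresses you already trust. The following is an added example, not code from the article: it assumes EVM-style hex addresses, and the function names, address book and transaction history are all constructed for illustration. It flags any counterparty in the history that shares the first and last four characters with a trusted address but differs in the middle.

```python
# Added example (not from the article). Assumes EVM-style hex addresses;
# all addresses and transactions below are constructed sample data.

def normalize(addr):
    """Lower-case and drop the 0x prefix so checksum casing is ignored."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def looks_like(candidate, trusted, n=4):
    """True if candidate differs from trusted but shares its first/last n chars."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:n] == t[:n] and c[-n:] == t[-n:]

def find_poisoned(history, trusted, n=4):
    """Return (address, imitated label, value) for look-alike counterparties."""
    return [(tx["counterparty"], label, tx["value"])
            for tx in history
            for label, addr in trusted.items()
            if looks_like(tx["counterparty"], addr, n)]

def check_recipient(addr, trusted, n=4):
    """Classify an address before sending: match, lookalike or unknown."""
    for label, good in trusted.items():
        if normalize(addr) == normalize(good):
            return ("match", label)
    for label, good in trusted.items():
        if looks_like(addr, good, n):
            return ("lookalike", label)
    return ("unknown", None)

# Constructed sample data: FAKE copies the first and last four characters of MY.
MY = "0x" + "a1b2" + "0" * 32 + "c3d4"
FAKE = "0x" + "a1b2" + "f" * 32 + "c3d4"
EXCHANGE = "0x" + "9e8f" + "1" * 32 + "7a6b"
OTHER = "0x" + "5555" + "2" * 32 + "6666"
TRUSTED = {"my wallet": MY, "exchange deposit": EXCHANGE}
HISTORY = [
    {"counterparty": EXCHANGE, "value": 250.0},
    {"counterparty": FAKE, "value": 0.0001},
    {"counterparty": OTHER, "value": 12.5},
]

if __name__ == "__main__":
    for addr, label, value in find_poisoned(HISTORY, TRUSTED):
        print(f"{addr} imitates '{label}' (received {value})")
    print(check_recipient(FAKE, TRUSTED))
```

An address classified as "lookalike" should never be copied from the history; "unknown" only means it is not in the address book yet.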
How to avoid address poisoning?
The self-explanatory and obvious way to avoid address poisoning is to double-check your address before making a transaction. This type of attack has been known to take place on Polygon, Binance Smart Chain and Tron, as they have relatively lower transaction fees, making it easy for fraudsters to send small amounts cheaply.
However, an address poisoning incident recently occurred on the Ethereum blockchain as well. A couple of weeks ago, Arbitrum, an Ethereum layer 2 scaling solution, airdropped ARB tokens, and over 630 wallet addresses were poisoned, resulting in the loss of 933,365 ARB tokens.
The hackers swiped money from Arbitrum users who later complained that their ARB tokens had been “automatically claimed” to the hacker’s wallets. In an unexpected twist, it was later revealed that 933,365 tokens were received from another address whose owner was labeled as “Fake_Phishing18”.
According to Arbitrum’s blockchain explorer, a user under the pseudonym “Fake_Phishing18” created a malicious ARB token contract. When a user interacted with said contract, an additional transaction was created that appeared to originate from the victim’s wallet. This was a more advanced case of address poisoning, in which the hacker paired it with a phishing attack.
According to PeckShield Alert, a blockchain security firm, the hacker converted 933,375 ARB into 713 ETH worth $1.27 million and bridged these funds to the Ethereum network. Two other wallets also reportedly stole 105,000 ARB tokens, although it is unclear whether they belong to the same hacker or not.
Conclusion
Blockchain technology offers transparency and traceability of transactions, but it is also vulnerable to fraudsters who can easily find a large number of addresses from blockchain explorers to perform address poisoning attacks. The only way to avoid this attack is to always have a secure copy of your wallet address and not interact with any suspicious smart contracts shared on social media or Discord channels.