Wallet Address Poisoning - How to Secure Your Transactions From Hackers

8uVB...zE69
30 Jan 2024

Can you identify a poisoned wallet public address?

If not, you are vulnerable to address poisoning attacks like this crypto user who lost $5,000 worth of crypto assets.

It is really simple to avoid an address poisoning attack if you understand this type of attack and what to look for.

Otherwise, ignorance will put your hard-earned crypto assets at risk.


Example Of A Real Address Poisoning Attack

A crypto user wanted to move 5,000 USD worth of cryptocurrency from his Ledger wallet to his Binance wallet.

He copied what he thought was his Binance wallet public address into the Ledger 'Recipient Address' field and proceeded with the next steps.


Unfortunately, he had copied a poisoned wallet public address instead, and those 5,000 USD worth of crypto were sent to the hacker.

This is the whole story:


Post by u/ImThour.
Published at Reddit.

ImThour has kindly agreed to let us share his story so others can learn from it and take steps to prevent it from happening to others. We thank him for his generosity.

We all make mistakes out of a lack of knowledge or awareness.

But never give up; we learn from them and keep moving forward.

Or, we can learn from the mistakes of others who are kind enough to share their experiences, helping us to avoid similar pitfalls.

How Does Address Poisoning Work

The attacker initiates the address poisoning attack by sending a small amount of cryptocurrency to your wallet.

The intention behind this move is to "poison" your transaction history: the transaction is recorded in your account's history, and the attacker's address now appears there.

This scam is particularly deceptive because the scammer's wallet address looks similar to yours.

Note the similarity between ImThour's wallet public address and the hacker's wallet public address:

  • ImThour's Binance wallet address: 0xdd1b7ce698d0d58cd521a9c186e6a95cf043614c
  • Hacker's wallet address: 0xdD1f22080CF69E1B1A92D33E8f3d6a766447614c


The scammer hopes you might inadvertently select their address when you make a transaction, believing it to be yours.

This trick is designed to prompt you into sending funds to the scammer's address by mistake.

It relies on the fact that individuals often pay attention only to an address's first and last characters while overlooking the characters in between.

We very much doubt that such an attack would work nowadays because there is no opportunity to copy a poisoned address. This is what the Binance 'deposit' process looks like nowadays.

But, in a hot wallet, you may fall victim to an address poisoning attack by copying the address from a past 'recipient address' transaction and using it as a 'recipient address' for a new transaction.


You may be asking yourself:

How can the hacker create wallet public addresses with the same start and finish characters as the victim's address?

Addresses with specific prefixes and suffixes can be created using vanity address generators. For example, as its name suggests, the Ethereum vanity address generator page can be used to generate Ethereum vanity addresses. The same sort of generators are available for other blockchains, e.g., the Bitcoin vanity address generator.


What Can You Do To Prevent Falling Victim To An Address Poisoning Attack

It is simple:

Verify the whole public address every single time you make a transaction.

It is common to try to save time by only verifying the first and last characters instead of verifying the whole string.

But this is a very bad practice because you already know that this is not sufficient:

  • ImThour's Binance wallet address: 0xdd1b7ce698d0d58cd521a9c186e6a95cf043614c
  • Hacker's wallet address: 0xdD1f22080CF69E1B1A92D33E8f3d6a766447614c
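
The full-address check described above can be automated. The following is an added example, not code from the original article: it compares a recipient against a list of trusted addresses digit by digit and flags entries that agree only at the ends. The names TRUSTED, UNRELATED and the thresholds min_prefix/min_suffix are assumptions chosen for illustration, and letter case is ignored because hex digits identify the same address in either case.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# The two addresses quoted in the article.
OWN = "0xdd1b7ce698d0d58cd521a9c186e6a95cf043614c"
LOOKALIKE = "0xdD1f22080CF69E1B1A92D33E8f3d6a766447614c"
# Constructed sample values (not from the article).
UNRELATED = "0x1111111111111111111111111111111111111111"
TRUSTED = {"binance-deposit": OWN}


def normalize(addr):
    """Return the 40 hex digits in lowercase; reject anything else."""
    addr = addr.strip()
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()


def shared_ends(a, b):
    """Count the hex digits two addresses share at the start and at the end."""
    a, b = normalize(a), normalize(b)
    def run(x, y):
        return next((i for i, (p, q) in enumerate(zip(x, y)) if p != q), len(x))
    return run(a, b), run(a[::-1], b[::-1])


def classify(candidate, trusted, min_prefix=3, min_suffix=3):
    """'match' needs every digit equal; 'lookalike' means only the ends agree."""
    cand = normalize(candidate)
    for label, addr in trusted.items():
        if cand == normalize(addr):
            return "match", label
    for label, addr in trusted.items():
        prefix, suffix = shared_ends(candidate, addr)
        if prefix >= min_prefix and suffix >= min_suffix:
            return "lookalike", label
    return "unknown", None


def flag_history(history, trusted):
    """Return history entries that imitate a trusted address without equalling it."""
    return [a for a in history if classify(a, trusted)[0] == "lookalike"]


if __name__ == "__main__":
    print(shared_ends(OWN, LOOKALIKE))
    for addr in (OWN, LOOKALIKE, UNRELATED):
        print(addr, classify(addr, TRUSTED))
```

For the two addresses above, only the first three and last four hex digits agree, which is exactly what a truncated display or a quick glance at the ends would show.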


By verifying the full wallet's public address, you can identify and prevent the following:


___________________________________________________________________


Knowledge and awareness will protect your crypto assets from hacks, scams, and accidents.

If you are still learning about cryptocurrency wallets, addresses, keys, and seed phrases, the following articles contain the knowledge you are looking for:

Wallet Public Address: The Unique Identifier to Safe Transactions
The Importance Of Crypto Public Key For Cryptocurrency Security
Crypto Private Key: Manage and Protect Your Digital Wealth
Seed Phrase: Why It Is Important to Safeguard It?
The Role Of The Derivation Path For Wallet Recovery

___________________________________________________________________


Congratulations on completing this 5-minute digital safety power-up.
We hope this 5-minute read was worth the time and that you have learned some valuable information.
Please consider subscribing to our blog for shorter but more important articles.
