- MetaMask alerted users about new scamming methods ‘address poisoning.”
- The crypto wallet provider urged users to be careful and observant when making transactions.
- MetaMask lists ways to avoid address poisoning.
The popular crypto wallet, MetaMask, published a post alerting the crypto community about a new scamming method currently trending among scammers in the Web3 space.
On January 11, MetaMask, a global cryptocurrency wallet, alerted users of its discovery. Posting a thread on Twitter, it stated that scammers now discovered a method called “Address Poisoning.”
What is Address Poisoning?
This is explained to mean when an attacker creates addresses or codes similar to a victim’s, the pseudo-addresses share the same first and last few characters, letters, and digits with the victim’s address, making the victim unsuspecting of the looming danger.
Address poisoning can only be successful due to the victim’s negligence. Most people do not memorize the entirety of their wallet address but only the first or last 5-10 characters, skipping the middle characters.
How Does Address Poisoning Work?
According to MetaMask, scammers create wallet addresses similar to their victim’s through a vanity address generator. This scamming method works mainly through copying and pasting. This is because wallet addresses are so long, and most users cannot identify all characters in a wallet address, so they memorize the first few characters (between 5-10) and the last.
The scammers hope that users will make the mistake of not verifying every character in a wallet address when making certain transactions, so they watch out for their next victim.
MetaMask reported that these scammers could track a user’s transactions with the help of software that monitors the transfer of some tokens, such as stablecoins. These scammers lock on to the wallet address of their choice and create an address that resembles the victim’s address.
Since most users never bother to memorize or verify the middle contents of a wallet address, it’s easy for the scammer to carry out their illicit plans. After generating a copycat wallet address through a vanity address generator, the scammer sends an amount from another account into the similar pseudo wallet they created.
The usual amount sent into the victim’s account is $0, and by doing this, the scammer has successfully poisoned the victim’s address. With this new wallet address, the victim who failed to cross-check their wallet address may copy it from their transaction history and paste it onto whatever platform they wish to interact with.
According to MetaMask, once the victim pastes the pseudo address to send or receive cryptocurrencies, they send the funds to the scammer’s address. Since “on-chain transactions like this are immutable, the lost funds are irretrievable.”
How to Avoid Address Poisoning?
In its public message to all users, MetaMask urged that everyone be careful and vigilant of their wallet addresses and passwords when interacting with any blockchain platform.
According to the popular crypto wallet, it was impossible to stop people, attackers included, from sending cryptocurrencies to anyone’s address; hence, users must exercise patience when performing transactions on any blockchain network.
MetaMask stated that almost anyone could fall prey to address poisoning. However, it provided users with recommendations on how to avoid being a victim of address poisoning.
1. Thoroughly check the wallet address.
Every user about to perform a transaction must be attentive to ensure that the addresses they are inputting are correct and that no single character is out of place. “Make particularly sure the address is correct if the assets you send are of considerable value to you,” MetaMask warned.
2. Stop copying addresses from the transaction history.
Although copying and pasting wallet addresses is easier and faster when performing a transaction, every user must retrieve their wallet address from its source (any DApp providing the address).
3. Save frequently used addresses in an address book.
Saving frequently used addresses would eliminate the chances of falling prey to address poisoning. This setting could be found in MetaMask by checking its “settings” and “contacts.”
4. Perform test transactions
Before sending or receiving the intended amount into any wallet, perform a test transaction by first sending a small amount to the address to confirm the credibility of the address.
MetaMask, a cryptocurrency wallet provider, published a post alerting users of the new scamming method called “address poisoning,” which requires unsuspecting victims to copy and paste pseudo addresses created by the scammer.