Cryptocurrency users of every level of experience are increasingly falling victim to a technique called “address poisoning.” Chainalysis recently uncovered the tactic, in which attackers generate false wallet addresses and use them to trick users into sending their funds to the bogus addresses.
More than 82,000 wallets have been identified in connection with this campaign, which primarily targeted holders of significant balances. The scam relies on human error and uses publicly available blockchain data to pick out wallets containing an attractive amount.
For instance, one user lost $57,000 after pasting a poisoned address from the history list. The loss proves that even the most experienced users may fall victim to this deceitful method.
🚨💔 42 minutes ago, a victim lost $57,000 by copying the wrong address from a contaminated transaction history.
Note: Never copy addresses from transaction history. 🚫📋 pic.twitter.com/ypjn8iMOcO
— NODE GUARD SOLUTION. (@NodeGuard_Pro) October 23, 2024
How The Attack Works
A poisoning attack typically uses a set of fake addresses constructed to look similar to legitimate ones, sometimes matching the first few and the last few characters and differing only in between. Crypto users normally check only those parts of an address, which makes it easy for attackers to fool them.
The person in the image above is looking to buy such a toolbox. Source: Chainalysis
These fake addresses are sometimes distributed through zero-value token transfers, in which a scammer sends the victim a token worth nothing to make them believe that the address is valid.
Unlike most hacks, this attack does not try to access a user’s wallet directly. It relies on a careless user accidentally pasting the wrong recipient address during a transaction. Once sent, the funds are gone.
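The check a wallet or explorer could run against this pattern, as an added example that is not from Chainalysis or the original article: it flags history entries whose address matches a saved address at both ends but differs elsewhere, and also flags zero-value transfers. The four-character window, the field names and the sample addresses are assumptions constructed for illustration.

```python
"""Flag look-alike ("poisoned") addresses in a wallet's transfer history."""

# Assumption: how many leading/trailing characters a user typically eyeballs.
EDGE = 4


def normalize(addr: str) -> str:
    """Lower-case and drop the 0x prefix so checksum casing cannot hide a match."""
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr


def is_lookalike(candidate: str, trusted: str, edge: int = EDGE) -> bool:
    """True when candidate matches trusted at both ends but is a different address."""
    c, t = normalize(candidate), normalize(trusted)
    if c == t or len(c) != len(t):
        return False
    return c[:edge] == t[:edge] and c[-edge:] == t[-edge:]


def review_history(history, address_book, edge=EDGE):
    """Return (counterparty, reasons) for every history entry that needs a warning."""
    findings = []
    for tx in history:
        reasons = []
        for label, trusted in address_book.items():
            if is_lookalike(tx["counterparty"], trusted, edge):
                reasons.append(f"mimics '{label}'")
        if tx["value"] == 0:
            reasons.append("zero-value transfer")
        if reasons:
            findings.append((tx["counterparty"], reasons))
    return findings


# Constructed sample data (hypothetical field names, not real wallets).
ADDRESS_BOOK = {"exchange deposit": "0xA1b2" + "3" * 32 + "C9d8"}
HISTORY = [
    {"counterparty": "0xA1b2" + "3" * 32 + "C9d8", "value": 1500},  # genuine
    {"counterparty": "0xa1b2" + "7" * 32 + "c9d8", "value": 0},     # look-alike
    {"counterparty": "0x5e6f" + "0" * 32 + "1a2b", "value": 0},     # unrelated dust
]

if __name__ == "__main__":
    for addr, reasons in review_history(HISTORY, ADDRESS_BOOK):
        print(addr, "->", ", ".join(reasons))
```

A flagged entry should never be used as a paste source; the recipient is compared in full against the saved address instead.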
Recent Major Losses And Response
The most significant attack in 2024 caused $68 million in losses by draining Wrapped Bitcoin (WBTC) from a single wallet using this trick. Fortunately, the exploiter returned the funds after siphoning off $3 million while riding price surges on Bitcoin.
According to Chainalysis’s investigation, the attack was concentrated in a small number of wallets: eight major wallets produced the fake addresses.
Despite the massive losses, the success rate for address poisoning is fairly low. Of all the wallets attacked, 756 users avoided major losses by sending small test transactions or by being cautious. Even that creates confusion in some cases where the scammer mimicked the users’ wallets. However, using ENS addresses or other formats will cut the risk.
Meanwhile, similar scams have been seen on the Binance Smart Chain and Toncoin (TON) networks, so Binance now flags zero-value transactions to help protect its users. While some of the biggest heists eventually got refunded, the majority of the smaller sums continue being laundered through decentralized finance (DeFi) protocols and exchanges with looser regulations.
As this threat evolves, more block explorers are beginning to flag suspicious transactions, giving users better chances at avoiding these scams.
Featured image from Financial Times, chart from TradingView