Contents:
In order to deceive users into sending money to a scammer instead of the intended recipient, a new scam known as “Address Poisoning” has surfaced, according to cryptocurrency wallet service MetaMask.
In contrast to other frauds, which frequently employ techniques that have proven successful for many scammers (such as limitless token approvals, phishing for your Secret Recovery Phrase, etc.), address poisoning is an attack vector that prioritizes user negligence and haste.
How Does The Scam Work?
According to BleepingComputer, the creators of MetaMask have released a new post alerting users of a new fraud known as “Address Poisoning,” which works by contaminating the wallet’s transaction history with scammers’ addresses that are very similar to addresses with which a user recently transacted.
To conduct the scam, threat actors monitor the blockchain for new transactions. After selecting their target, a vanity address creator is used to create a similar address to the original, if not almost exactly the same as the one involved in the recent transaction.
The threat actor then uses this new address to send the intended sender’s address a token transaction for $0 or a tiny amount of cryptocurrency so that the transaction shows up in their wallet’s history. Due to the threat actor’s address being similar to a user’s previous transaction, and as MetaMask shortens the addresses in their transaction history, users can be easily fooled into sending cryptocurrency to the attacker instead of the intended person.
The attacker then expects that a user would find the most recent transaction, which in this example is from the attacker, and send cryptocurrency to the scammer’s address instead when they need to send it to someone they’ve already sent it to.
On MetaMask, transactions require additional costs known as “gas”, which have to be covered even for negligible amounts. Threat actors are willing to invest money in the hopes of a much larger payout.
MetaMask is warning users to act with caution when copying addresses from transactions because there is currently no method to prevent these malicious transactions from taking place on the blockchain.
Recommendations From The Developers
MetaMask developers compiled a list of recommendations for users to protect themselves which touch on the following points:
- Check and double-check addresses before you send
- Avoid copying addresses from your transaction history, and, if you do, check them very carefully
- Use a hardware wallet
- Add frequently used addresses to your address book
- Consider using test transactions
For the full explanations, you can check the post from MetaMask here.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
