MetaMask and Ledger Warn Users on Address Poisoning Scams

  • Users’ absent-mindedness makes them the prey of Address Poisoning scams.  
  • The crypto addresses of scammers resemble the users’ addresses.

Popular Crypto Wallets MetaMask and Ledger have begun educating the crypto community about what “address poisoning” scams are. Bankruptcies, liquidity crashes, hacks, exploits, and scams created a horrendous scene in the crypto market. From rug pulls, ponzis to phishing and cache poisoning, scams of every kind have spiked lately, wiping users’ funds. Out of those, the address poisoning scam managed to show up in the spotlight. 

MetaMask stated in their blog post:

“Address poisoning is an attack vector that, in contrast to other scams — which often use methods that have served many scammers so well, such as unlimited token approvals, phishing for your Secret Recovery Phrase, etc. — relies on user carelessness and haste above all else.”

Working Principle of Address Poisoning Scams

Every account address is a cryptographic string of hexadecimal characters – a combination of numbers and alphabets. Crypto users’ wallet/account address is the main tool of this scam type. A scammer generates a dummy or vanity address that closely matches the user’s address. Moreover, the dummy address’s start or end characters are similar to the user’s and difficult to distinguish. 

Usually, to initiate address poisoning, scammers send insignificant or zero amounts of crypto tokens to a user’s account from their vanity address. In this way, the scammer’s address, doppelganger to the user’s address, is recorded in one’s transaction history. In the end, this poisons the user’s wallet.

The Ledger team pointed out:

“The scammer is now hoping that you will grab their address from your transaction history and send funds to their account by mistake.”

When a user copies and pastes the wrong address while making transactions, the scammers’ accounts receive the crypto assets. A slight matter of users’ carelessness paves way for scammers to extract cryptos from their accounts. Hence, due to absent-mindedness, users cause self-destruction.

The only way for users to guard their accounts against getting poisoned is – Avoid the copy-and-paste of the deposit address from their transaction history. Because the act of users copying the dummy address from the wallet archive favors scammers in all aspects.

MetaMask and Ledger recommend users carefully check the addresses displayed on their respective wallets from start to end before making a transaction. As blockchain transactions are immutable, it is highly advisable to properly check the inputs given from the users’ end to initiate a transaction. 

A perpetual learner who loves writing. Passionate about investing her time and zeal to explore the crypto world. Curiosity and creativity are her superpowers.