Introduction to Address Poisoning

Address Poisoning is a relatively new but increasingly prevalent scam in the cryptocurrency world. This scam exploits a common user behavior in the crypto community: copying and pasting wallet addresses. Due to the complexity and length of blockchain addresses, most users rely on copying and pasting these addresses for transactions. Scammers take advantage of this by creating wallet addresses that closely resemble legitimate ones, tricking users into sending funds to the wrong address.

Mechanism of the Attack: Understanding Address Poisoning in Crypto Wallets

Address poisoning is a sophisticated scam targeting cryptocurrency users, particularly those using Ethereum and Ethereum Virtual Machine (EVM) compatible blockchains like Binance Smart Chain and Polygon. The mechanism behind this attack is both cunning and simple, exploiting the general user behavior of copying and pasting wallet addresses for transactions.

Targeting EVM-Compatible Blockchains

Scammers specifically target users of EVM-compatible blockchains due to their popularity and widespread use. These platforms, known for their low transaction fees, are ideal for scammers as they can execute their fraudulent activities on a large scale without incurring significant costs.

The Creation of Vanity Addresses

The core strategy in address poisoning involves the creation of what is known as a “vanity address.” This is a custom-made address that closely resembles the victim’s own wallet address. The attacker meticulously crafts these addresses to have a specific set of characters that match the beginning or end of the target’s genuine address. To an unsuspecting eye, these addresses appear almost identical to the legitimate ones.

Exploiting User Behavior

Once the vanity address is created, the scammer then initiates a small transaction, sending a negligible amount of cryptocurrency to the victim’s wallet from this fraudulent address. This action poisons the victim’s transaction history, embedding the vanity address among legitimate transactions.

The Risk in Transaction Histories

The danger arises when users, following their usual practice, copy an address from their transaction history for a new transaction. In the haste of operations and due to the striking similarity, there is a high likelihood of copying the vanity address instead of the intended one. When the victim executes the transaction, their assets are inadvertently sent to the scammer’s address.

Safety of Assets and Private Keys

It’s important to note that while address poisoning poses a significant risk to the assets being transferred, it does not compromise the safety of the assets stored in the wallet or lead to the leakage of private keys. The attack is purely based on deceiving the user into sending funds to the wrong address.

Prevalence on Various Blockchains

While this type of attack can occur on any blockchain, scammers often choose networks like Polygon, Avalanche, and Binance Smart Chain for their lower transaction fees. These blockchains’ cost-effectiveness allows scammers to target a vast number of addresses without incurring substantial expenses.

Public Nature of Blockchains

The public nature of blockchains plays into the hands of these scammers. Since all addresses and transactions are a matter of public record, it is relatively easy for attackers to scan block explorers, identify a large number of active addresses, and send spoofed transactions to them. This broad targeting increases the chances of successful deception.

In summary, address poisoning exploits common user behaviors in the cryptocurrency realm, leveraging the subtle manipulation of wallet addresses to misdirect funds. The attack is a stark reminder of the importance of vigilance and meticulous verification in all crypto transactions.

What is SAFE Wallet?

SAFE Wallet is a MultiSig wallet tailored for decentralized co-management of digital assets. It offers self-custody, mitigating risks associated with traditional banking systems. The wallet is designed for DAOs, groups, and enterprises, ensuring security through a multi-signature system. This system requires a consensus among multiple stakeholders for transactions, enhancing security over single-key wallets.

Key Features

Multi-Signature Security: Requires multiple approvals for transactions, protecting against unauthorized access.

  • Transaction Batching: Enables sending multiple transactions simultaneously.

  • Fraud Monitoring: Provides additional security against fraudulent activities.

  • DeFi Compatibility: Allows interaction with decentralized finance platforms.

User Accessibility

SAFE Wallet is accessible to a broad range of users, including individuals, financial institutions, and various groups.

Setting Up

To create a SAFE account, users connect a signer wallet and then proceed to set up the SAFE Wallet by selecting “Create New Safe” and naming their Safe. This name is stored locally for privacy.

In summary, SAFE Wallet is a robust platform for secure, decentralized asset management, suitable for a variety of users.

Address Poisoning Against SAFE Wallet

SAFE Wallet users have been the victims of significant address poisoning attacks, with over $5 million stolen from 21 victims in just four months. In these attacks, scammers created wallet addresses similar to those of the victims. They then sent small amounts of cryptocurrency from these fraudulent addresses to the victims’ wallets. When the victims later attempted to make transactions, they mistakenly copied the scammer’s address and sent large sums to the wrong recipient.

Example of an Address Poisoning Attack

An example of this attack can be seen in a tweet from Scam Sniffer’s Twitter. In this tweet, Scam Sniffer highlights a particular instance of address poisoning, providing insight into how these scams are orchestrated and the devastating impact they can have on unsuspecting victims.

another Safe Wallet lost $30k to an "address poisoning" attack about 10 hours ago.

the victim's transfer history was contaminated by the attacker 12 days ago.

https://t.co/ANJfKYQ3is  https://t.co/KVzExnOnfS  pic.twitter.com/7sTSL1jlyS— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 5, 2023

Conclusions and Recommendations

To combat address poisoning, users must be vigilant and adopt safer transaction practices. This includes double-checking every character of the recipient’s address, using address book features in crypto wallets, employing hardware wallets for added security, and considering test transactions for large sums. Staying informed about the latest scams in the cryptocurrency space is also crucial for protection. While address poisoning is a sophisticated scam, awareness and careful transaction habits can significantly reduce the risk of falling victim to it.However, users can take several steps to protect themselves:

  1. Double-Check Addresses: Always verify every character of the recipient’s address before making a transaction. This is the most reliable way to avoid falling for an address poisoning scam.

  2. Use Address Book Features: Most crypto wallets offer an address book where you can save trusted addresses. Using saved addresses instead of copying from transaction histories can significantly reduce the risk of copying a poisoned address.

  3. Hardware Wallets: Using a hardware wallet can add an extra layer of security. These wallets often require users to confirm addresses on the device itself, which can help in catching a poisoned address.

  4. Test Transactions: Sending a small amount first and confirming its receipt can be an effective, albeit sometimes costly, way to ensure the correctness of the recipient address.

  5. Stay Informed: Regularly updating oneself on the latest scams and security practices in the crypto space is crucial for staying safe

Address poisoning highlights the need for vigilance in the cryptocurrency space. Users should always be cautious and double-check every transaction detail, as the decentralized nature of cryptocurrencies means that transactions are irreversible and lost funds may not be recoverable.