
-
Creation of Similar Addresses: Attackers generate cryptocurrency addresses that look very similar to the victim’s actual addresses. This can be done by using similar characters or slight variations that might be hard to spot at a glance (e.g., using ‘1’ instead of ‘l’ or ‘0’ instead of ‘O’).
-
Sending Small Amounts (Dust): The attacker sends a very small amount of cryptocurrency (often called “dust”) from these similar-looking addresses to the victim’s wallet. This action adds the attacker’s address to the victim’s transaction history or address book.
-
Leveraging Human Error: The hope is that when the victim is about to send cryptocurrency, they might accidentally copy or select the wrong address from their transaction history or address book, thinking it’s their own or a trusted address.
-
Execution of the Scam: If the victim does send a large amount to this poisoned address, the funds go to the attacker instead.
Key points to understand about address poisoning:
-
Prevention:
-
Always double-check the address before sending funds.
-
Use address verification methods if available (like QR codes or integrated wallet address books that confirm recipients).
-
Be wary of any unsolicited transactions, especially those with very small amounts.
-
-
Detection:
-
Regularly review your transaction history for any unexpected small transactions.
-
Use wallet software that flags or alerts for transactions from unknown or suspicious addresses.
-
-
Mitigation:
-
If you notice small, unexplained deposits, do not send any funds to new addresses without thorough verification.
-
Some wallets allow you to block or filter transactions from unknown addresses.
-
-
Education:
-
Educating users about this scam is crucial since it relies heavily on human error or oversight.
-
Address poisoning is particularly effective in environments where users are not vigilant about checking addresses or where the user interface does not provide clear warnings or verifications. As always, security best practices like using hardware wallets for significant transactions and maintaining good cybersecurity hygiene can greatly reduce these risks.