Address Poisoning: A New Scam Targeting Crypto Wallets

In the world of cryptocurrency, scammers are always looking for new ways to steal from unsuspecting victims. MetaMask warns about one of the latest tactics scammers use, called “Address Poisoning.”

This scam relies on tricking people into sending their cryptocurrency to a fake address that looks similar to a legitimate address they’ve recently used, by poisoning the wallet’s transaction history with scam addresses.

We’ll explain how the scam works and possible evidence you can find as an investigator.

The Risks of Convenient Abbreviated Wallet Addresses

When it comes to managing cryptocurrency, there are a variety of wallets available, each with its own pros and cons. However, one potential problem with all of them is the use of abbreviated address labels. 

These labels make it easier to read and recognize a wallet address, but they also open the door to scammers who can create similar-looking addresses. 

This is known as the “Address Poisoning” scam. For instance, a legitimate address might be “0x242b3a54b7d8e35c29c9f5a9f”, but it could be shortened to “0x242…5a9f” for ease of reading. 

If a fraudster creates an address that is similar, such as “0x242b3a6c53fx7e78dd68f5a9f”, the average user can find it difficult to spot the difference as both addresses will appear as “0x242…5a9f” when shortened. 

This is particularly an issue when viewing the address in the context of a transaction history, where the wallet software displays multiple addresses in a short format. 

Therefore, it is important to be extra cautious when copying and pasting addresses and to always double-check the full address before sending any cryptocurrency. 

How the Scam Works

      • First, the attacker keeps an eye on the blockchain for new transactions. 

      • Next, using a vanity address creator, they create a custom address that looks almost identical to the address used in a recent transaction when shortened. 

      • Then, they send a small amount of cryptocurrency, or even a token worth nothing, to the targeted user’s address.

This makes it appear in their wallet’s history. Since a lot of wallets shorten the addresses in the transaction history, it can appear as if the transaction is coming from the same sender.

The attacker’s goal is that when the user wants to send cryptocurrency to someone they’ve sent to before, they will find the most recent transaction, which in this case is from the attacker, and send the crypto to the scammer’s address instead.

How Investigators Can Investigate “Address Poisoning” Scams

1. Analyze the transaction history: Investigators can search for suspicious transactions that may have been part of the “Address Poisoning” scam by analyzing the transaction history of the victim’s wallet.
2. Trace the funds: By tracing the funds from the scammer’s address, investigators can identify any other wallets or addresses that may be connected to the scammer. This can include wallets or addresses that the scammer used to receive or send funds, or wallets or addresses that may be connected to other scams.
3. Use Blockchain Analytics tools: QLUE™ helps investigators identify patterns in the transaction history that may indicate a scam. It can also help investigators to identify the origin of the funds, how they were moved and the wallets that are related to the scam.

By following these steps, investigators can gather the necessary information to identify the scammer and bring them to justice.
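
The transaction-history analysis in step 1 can be sketched in code. This is an added example, not code from the article or from QLUE; the `Transfer` record, the oldest-first ordering, the 5+4 character shortening and the `dust` threshold are assumptions, and the sample history is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    sender: str
    recipient: str
    value: float  # amount moved, in the asset's own unit

def abbreviate(addr, head=5, tail=4):
    """Shorten an address the way a history view does: 0x242…5a9f."""
    addr = addr.lower()
    return f"{addr[:head]}…{addr[-tail:]}"

def analyze(wallet, history, dust=0.001):
    """Walk the history oldest-first; return (lookalikes, losses)."""
    wallet = wallet.lower()
    trusted = {}     # short form -> full addresses this wallet has paid
    lookalikes = {}  # suspected poison address -> address it imitates
    losses = []      # outgoing transfers that went to a lookalike
    for t in history:
        src, dst = t.sender.lower(), t.recipient.lower()
        if src == wallet:
            if dst in lookalikes:
                losses.append(t)  # the poisoned entry was copied
            else:
                trusted.setdefault(abbreviate(dst), set()).add(dst)
        elif dst == wallet and t.value <= dust:
            # Tiny or zero-value inbound transfer: does the sender collide
            # with a known payee once both are shortened?
            for real in trusted.get(abbreviate(src), ()):
                if real != src:
                    lookalikes[src] = real
    return lookalikes, losses

# Constructed sample data. REAL and FAKE are the article's illustrative
# strings; VICTIM and OTHER are made up for this example.
VICTIM = "0x9d1e00000000000000000000000000000000c0de"
OTHER = "0x5f3a00000000000000000000000000000000beef"
REAL = "0x242b3a54b7d8e35c29c9f5a9f"
FAKE = "0x242b3a6c53fx7e78dd68f5a9f"
HISTORY = [
    Transfer(VICTIM, REAL, 1.5),   # genuine payment
    Transfer(OTHER, VICTIM, 0.0),  # unrelated zero-value transfer
    Transfer(FAKE, VICTIM, 0.0),   # poisoning transfer
    Transfer(VICTIM, FAKE, 2.0),   # payment misdirected to the lookalike
]
```

Calling `analyze(VICTIM, HISTORY)` returns the lookalike mapping and the misdirected payment, which gives the starting address for the fund tracing in step 2.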

Protecting yourself

Don’t fall victim to address poisoning. There are several steps you can take to be safe:

      • Be diligent when copying addresses from transactions: Instead of clicking on the short-form address in MetaMask transactions, which copies it automatically to the clipboard without showing the full address

      • Use MetaMask’s built-in Address Book feature: This feature allows you to save known, valid cryptocurrency addresses for people or services you commonly send transactions to.

Address Poisoning is a scam tactic that is becoming increasingly popular among attackers. By understanding how the scam works and taking the necessary steps to protect yourself, you can reduce your risk of falling victim to this type of attack.

Blockchain Intelligence Group is the crypto investigations and training company that helps win court cases, recover digital assets, and train independent, finance, and law enforcement investigators.

Written By: Omar Marzouk
Writer, Content marketing at Blockchain Intelligence Group

