MetaMask, a popular cryptocurrency wallet provider, has set alarm bells ringing on a new crypto wallet address scam dubbed as “Address Poisioning”. In this new breed of exploit, hackers take advantage of user carelessness to drain crypto tokens from the victim’s wallet address.
The crypto ecosystem has witnessed a dramatic upsurge in various nefarious activities that have evolved over the years. As the adoption of digital assets along with Web3 rises, crypto frauds have also increased multifolds. These cyber scams have become a growing global concern, with various governments reporting an increase in the frequency of and losses from cryptocurrency shams.
A recent report revealed cyber criminals robbed digital assets worth a whopping $4.3 billion between January and November 2022. There are several types of crypto scams such as rug pull, phishing scams, pum and dump schemes and extortion emails among a string of others.
A “Poisonous” Crypto Scam
A new scam called 'Address Poisoning' is on the rise. Here's how it works: after you send a normal transaction, the scammer sends a $0 token txn, 'poisoning' the txn history. (1/3)
— MetaMask Support (@MetaMaskSupport) January 11, 2023
On January 12, MetaMask took to Twitter to reveal a new type of crypto scam that has been on the rise, of late. The digital wallet provider explained the perpetrators “poison” transaction histories by sending users tokens that are worth $0 to their wallets. Meanwhile, hackers use a “vanity” address generator that churns out an address closely matching the victim’s wallet.
The scammers then send an insignificant or zero amounts of crypto tokens to the user’s account from their vanity address. This helps to record one’s transaction history, thus, poisoning the user’s wallet. According to the oficial blogpost, address poisoning is done in hopes of getting unsuspecting users to send their funds to the wrong copycat address.
This, however, will not give the culprits access to the user wallet. But when the user copies and pastes the wrong address while making the transaction, the scammers’ account receives the digital assets. MetaMask wrote,
“All they’re hoping for is that you copy the wrong address from your transaction history in your wallet. You will then absent-mindedly send tokens directly to them, and not to the correct address.”
Ways to Protect
You can protect yourself by double-checking the full address, or by using the Address Book feature. If you need help: 'Menu > Support' in-app, or from the web: https://t.co/7YSoVzs7wa – 'Start a Conversation' button, the chatbot will ask a few questions. 3/3
— MetaMask Support (@MetaMaskSupport) January 11, 2023
MetaMask also specified ways to protect oneself from such scam emphasizing it would be best to check every single character of the wallet address to make sure that the funds will be sent to the correct wallet. The firm urged users to stop copying wallet addresses from their transaction histories and use their address book when sending digital assets.
Moreover, it also recomended users to use hardware wallets as these wallets require an individual to check and confirm any address they are sending to before allowing them to complete the transaction.
