New Scam Alert - Address Poisoining

[BossTrack]

Scam alert: Metamask warns crypto users about address poisoning

While exploring the Binance news tab I found this article which highlights how a hacker is stealing the crypto assets by switching the address by matching the characters we normally use to send funds so beware of copying and pasting the recipient address no matter what kind of wallet your using and crosscheck all the characters not prefix and random alone.

I will quote the important part of the article and will leave the link below.

While the attempt would not give the hackers access to user wallets, people who may have gotten into the habit of copying their wallet address from the transaction history before sending digital asset balances could potentially send their funds to copycat addresses.
Because of this, the wallet provider warned users always to be careful and double-check their transactions before sending their balances. The firm highlighted that it would be best to check every single character of the wallet address to make sure that the funds will be sent to the correct wallet.

source: Scam alert: MetaMask warns crypto users about address poisoning

If only these scammers could apply their creativity to something productive. Thanks for the heads up bro.

[Baofeng]

And this could be related to this, What is a Clipboard Hijacker?.

Clipboard hijacking is more advanced than this if I am not wrong where the hacker replaces the recipient address with his desired destination address, but the attack explained in the article says the hacker doesn't replace the address but matches the address with similar one and hoping the victim will choose the wrong address and send funds to it.

Yes, but that point is that you really need to be sure on the address that you are going to send, which means you really have to check everything multiple times so that you won't be another victim of this kind of scams.

@BossTrack - or if this criminals would have used their talents to make the crypto market better, instead of taking advantage of it, might be a different world after all. But it is what it is, they are tag are cyber criminals and so they don't have any feelings for their victims as long as they can get the money from their unsuspecting victims.

[vv181]

~

It is completely different, clipboard hijacking changes the address fully, but on address poisoning, it did not technically change any address. This specific scam, the scammer makes use of user behaviour when they are using a wallet. Most of them copy an address from the last transaction from their wallet, which in turn, this is the part where the scammers get in.

Do also note that there is also a web extension malware who are similar to clipboard hijacking but the displayed address is not changed visually but within. So, the displayed address is kept but when the user clicks the action either withdraw or anything, the address that is actually being sent is changed.

It has to change at least one character of the address. It could be a letter or number. Scammers can forge almost identical addresses, but not exactly ones. The point is that they rely on the fact Metamask displays only the summed up version of the address, so not everyone checks it completely, especially the characters of the middle.

To avoid being scammed, better to only copy addresses from valid transactions or from a saved notepad file, instead of going for the most recent transactions' history on Metamask.

We are talking about the misinterpretation of clipboard hijacking with this kind of attack. Which is completely a different kind of scam. One is because of malware, and the other is because of users' carelessness.

I know that address poisoning attacks are making use of the general most of wallet last transaction address and deceiving user behaviour, combined with profanity address of the user owned/interacted address, it is the way of how it works.

~which means you really have to check everything multiple times so that you won't be another victim of this kind of scams.

Another solution to prevent this kind of attack is to utilize the saved address feature if the wallet has one. For example, Metamask has an address book feature that can be utilized to save addresses. Although, your solution does indeed the safest solution. Actually, rechecking an address should be a habit of cryptocurrencies users.

[Sayeds56]

Scam alert: Metamask warns crypto users about address poisoning

While exploring the Binance news tab I found this article which highlights how a hacker is stealing the crypto assets by switching the address by matching the characters we normally use to send funds so beware of copying and pasting the recipient address no matter what kind of wallet your using and crosscheck all the characters not prefix and random alone.

I will quote the important part of the article and will leave the link below.

While the attempt would not give the hackers access to user wallets, people who may have gotten into the habit of copying their wallet address from the transaction history before sending digital asset balances could potentially send their funds to copycat addresses.
Because of this, the wallet provider warned users always to be careful and double-check their transactions before sending their balances. The firm highlighted that it would be best to check every single character of the wallet address to make sure that the funds will be sent to the correct wallet.

source: Scam alert: MetaMask warns crypto users about address poisoning

Thanks for sharing this useful information, we should be more diligent while making transactions from wallets & preferably use save address book feature . This scam has been reported recently in media but hackers have already stolen huge amount of funds from wallets. Though Mestamask team is making consistent efforts to make their wallet more secure but scammers always come up with new idea to breach security system, which suggests that a lot more need to be done to improve security systems to build confidence of investors on crypto.  

[SirLancelot]

If only these scammers could apply their creativity to something productive. Thanks for the heads up bro.

What about scamming, isn't that productive? Because, productive means the person is moving and doing things which benefits them. Scammers benefits from scamming and this is where they earn money. Maybe what you mean is they better apply their talent on something which aren't illegal and they can't cause a harm to others. It is possible. I've seen a lot of hackers who change for the better but it's not going to an easy process. The feeling can be the same if you are addicted to something else.

Thanks to the OP for alerting us to this new scam technique. As long as we stay to be informative or vigilant, we can possibly avoid them easily.

[TimeTeller]

If only these scammers could apply their creativity to something productive. Thanks for the heads up bro.

What about scamming, isn't that productive? Because, productive means the person is moving and doing things which benefits them. Scammers benefits from scamming and this is where they earn money. Maybe what you mean is they better apply their talent on something which aren't illegal and they can't cause a harm to others. It is possible. I've seen a lot of hackers who change for the better but it's not going to an easy process. The feeling can be the same if you are addicted to something else.

Thanks to the OP for alerting us to this new scam technique. As long as we stay to be informative or vigilant, we can possibly avoid them easily.

That is  correct, that is their productive way of wasting their time - scamming people.
We can't expect all people to earn money via legal means because some people will resort to screwing other people.
Since we are dealing mostly in anonymous market, these scammers are free to use all their skills without disclosing their identity.
It is now on how our hands how we can avoid this type of people or how to prevent from being scammed by diligently doing our part before jumping any click-bait offers.

[jrrsparkles]

This isn't really a new scamming technique, this has been done in the past but possibly the new term for that invented recently, the thing from the article its happening on ethereum network so everyone who is transacting on that network has to be extra careful than we used to be because generally we receive lot of tokens from various reasons so we don't really give attention to it so while copying make sure the complete address matches with the designation so can avoid poisoning or clipboard hijacking.

[adaseb]

I had this happen about a month ago, if you search my nick you can find my thread on it. I was very puzzled because it looked like someone had my private keys because a transaction came out of my own wallet. However apparently for some reason you can send 0 ETH from a wallet that is not yours. Then it looks like your key can be compromised.

However etherscan at least is not showing these transactions anymore. So they won’t appear and decreases the chances of actually copying the wrong address. Very sneaky how they make the first few characters the same to fool many people.

[hitsnorth]

Damn, thanks for the info. I never heard anything like this before. I'll try to be more careful in the future.

[Eureka_07]

<snip>

Glad to see this. I hope that this post will be seen by those peeps out there that are lazy or feel that the address that they put to the receiving address textbox is free-of-error.
Personally, I always check the address (each character) multiple twice, thrice, or sometimes multiple times so just to secure that I am copy-pasting the right address.