As we all know that the rate of Address Poisoning victims are continually increasing especially for MetaMask users and other similar cryptocurrency wallets. Having a cold hardware wallet reduces the chances of getting hacked and also habit of continual scrutiny.
What is Address Poisoning?Address poisoning is a new phishing attack that involves changing the Secret Recovery Phrase, then modifying the transaction history. The main difference between address poisoning and the usual scamming technique is that address poisoning heavily relies on the user’s carelessness.
When MetaMask users send or receive cryptocurrency, it appears in the wallet transaction list. While both wallet addresses look identical in their short form, they could be completely different, easily confusing MetaMask users.
Measure Your SafetyMetaMask developers had warn of a new scam called 'Address Poisoning' that relies on poisoning the wallet's transaction history with scammer's addresses that are very similar to addresses that a user recently had transactions.
The threat actor monitors the blockchain for new transactions to conduct the scam. After selecting a target, they use a vanity address creator to create an address very similar, if not almost exactly the same, as the one involved in the recent transaction.
How it worksIndeed, crypto wallet addresses are very hard to remember, because of the cryptographically generated hexadecimal numbers. Hackers tend to instill these new addresses in the counterfeit transaction history, and usually, there’s no visual difference between the actual crypto wallet address and the fake one.
Secondly, once the scammer has created a similarly-looking crypto wallet address, the evildoer sends a transaction of a small value to the newly created dummy wallet. After this happens, the user’s crypto wallet is ‘poisoned.’ This is because the transaction history on MetaMask or any other DeFi wallet shows the hacker’s new address, which is visually unidentifiable as different. Most crypto enthusiasts visually indicate their wallet by the starting and ending characters, while the middle part of an address is rarely remembered.
Finally, this creates an opportunity for the hacker to contaminate the wallet dummy addresses. The next time the unsuspecting user tries to copy the crypto wallet address from the transaction history, the funds might end up in the almost identically-looking hacker’s wallet.
How to Prevent this from happening There are a few methods to prevent scammers from stealing your money:
√ The easiest solution to this problem is simply double-checking the crypto wallet addresses before sending the funds. They use an address with the same first & last few characters as the real transaction you sent; in hopes you will not check the full address, and instead copy theirs in a future transactions.
√ Having an address book instead of copying crypto wallet addresses from personal transaction history should solve the problem. In this way, there are two issues immediately fixed. Firstly, the wallet owner won’t have to copy-paste the addresses, erasing the possibility of copy-pasting the bogus address. Moreover, the address book requires confirmation before putting addresses on it. The hapless hackers cannot change the addresses submitted by the wallet owner.
√ The most effective way of rescuing oneself from this hassle is to have a
cold wallet. A self-custody wallet not connected to the internet is less susceptible to fraudulent phishing attacks by evil computer geniuses.
Reference:
https://www.google.com/amp/s/m.investing.com/news/cryptocurrency-news/what-is-address-poisoning-everything-you-need-to-know-2980300%3fampMode=1https://www.google.com/amp/s/www.bleepingcomputer.com/news/security/metamask-warns-of-new-address-poisoning-cryptocurrency-scam/amp/
