Do not take address poisoning as a joke, it is real.

[_act_]

We have been talking about address poisoning hack on this forum. It happens in a way hacks create an address similar to your altcoin address. It has happened to me when I was sending coins like USDT and some other altcoins which are not stable coins. But I understand about it and I easily avoided copying the address I sent coin to, instead I go to the receiving wallet or exchange to copy the address. You can know the hacker's address by noticing small amount not worth up to $1 sent to you with the hacker's address. If you check the address, it will be similar to your address but not you address. Avoid sending coins to the address. I do not know if it happens with bitcoin too, but I have not seen it while sending bitcoin. But if sending any coins, check the address you are sending to, make sure it is the same as the address you are sending to.

Address poisoning is when an attacker creates a similar-looking address to the one a targeted victim regularly sends funds to — usually using the same beginning and ending characters.

A crypto hacker specializing in “address poisoning attacks" has managed to steal over $2 million from Safe Wallet users alone in the past week, with its total victim count now reaching 21.

On Dec. 3, Web3 scam detection platform Scam Sniffer reported that around ten Safe Wallets lost $2.05 million to address poisoning attacks since Nov. 26.

According to Dune Analytics data compiled by Scam Sniffer, the same attacker has reportedly stolen at least $5 million from around 21 victims in the past four months.

Scam Sniffer, reported that one of the victims even held $10 million in crypto in a Safe Wallet, but "luckily" only lost $400,000 of it.

[OcTradism]

What are Address Poisoning Scams?
Metamask: Address Poisoning Scam

It is not limited to web3, smart contracts but with Bitcoin and Bitcoin addresses too. With Bitcoin, it is called as Dust attack.
Dust Attack, what it is, why it is dangerous and how to prevent falling to it

People fall to this type of attack because they use one wallet for many tasks. They must do it more safely, like a main wallet is not used for exploration of new platforms, new projects. Explorations must be done with a new wallet and small one that will not cause them big issue with address poisoning scam attack or dust attack.

[Churchillvv]

Thanks for the information it's very necessary for users to know about this because it occurs without there notice.

Just as Ever_young once said that clipboard virus also has some effect on crypto loss. I think some of the users who where scammed may be as a result of this clipboard virus that one sends crypto to a different wallet thinking that its there own address.

[Zaguru12]

Just as Ever_young once said that clipboard virus also has some effect on crypto loss. I think some of the users who where scammed may be as a result of this clipboard virus that one sends crypto to a different wallet thinking that its there own address.

Yeah it looks the same but there is difference in the two attacks this address poisoning is actual slightly different and easier for the scammers to attempt. The clipboard virus is harder because the scammers needs to find a way to get the malware into your device and then it changes the address when you copy it, this common with window OS and you they OS are not usually affected. But for dust attack or say address poisoning the attacker just looks at your address and create a similar address like it with similar beginning and ending and then uses this address to send you dust coins and when next you try to copy address you will actually mistakenly copy the hackers address from the transaction history without know since it’s similar. In this attack you’re actually copying and pasting the right address but it is that of that an hacker.

Also dust attack can be use to monitor that address it is sent to even if you don’t make mistake to sent back to it which makes you to lose your privacy

[hugeblack]

What is the probability that hackers will obtain a similar address with the first 6 letters and the last 6 letters? If not impossible, it is minimal. Therefore, verifying these letters will not cost you a lot of time, while it will save you, especially since such attacks require hackers to have good computing capabilities to be able to produce the last two Similar letters.

[Winterfrost]

I wont underestimate the ability of anyone in this current world. There are lot of Bitcoin scams and fraudulent activities of which in a common sense we wont think of it to be possible. There is probability that a scammer will be able to generate a similar address like yours. I have encountered this before and i mistakenly sent to that address. I waited and taught it was my network issue that i have seen the coin. Before i traced and saw it was a scam attack. The remedy to this, is to always get the address directly from the exchange or wallet whenever you want to make a transaction.

[Z390]

This have not happened to me before but I know someone that was a victim of this, and since the day that I am aware I have start to use QR Code instead, either I am sending to an exchange or I am sending to someone, I will prefer to scan for their address instead of copy and pasting, also it is more likely that this will happen to you if you are using a computer, the few I've seen happened to PC users, even the clipboard virus too, it's mostly always PC/Computer.

The best way to beat this scam is to start scanning instead of copying the address, some people also like storing the address somewhere online like inside their email, which is a bad practice, and also it's good to cross check the address very well, because once you send the coin it's not ever coming back if it's the wrong address.

It's because of this hijacks and malware problem that I have running crypto software on computers, they just feel more vulnerable to these attacks than other hardwares, even a mobile phone is steps ahead better than using a PC, I can't count how many times I have formatted all my files because of one malware or trojan, even with a premium antivirus running.

[Taskford]

We have been talking about address poisoning hack on this forum. It happens in a way hacks create an address similar to your altcoin address. It has happened to me when I was sending coins like USDT and some other altcoins which are not stable coins. But I understand about it and I easily avoided copying the address I sent coin to, instead I go to the receiving wallet or exchange to copy the address. You can know the hacker's address by noticing small amount not worth up to $1 sent to you with the hacker's address. If you check the address, it will be similar to your address but not you address. Avoid sending coins to the address. I do not know if it happens with bitcoin too, but I have not seen it while sending bitcoin. But if sending any coins, check the address you are sending to, make sure it is the same as the address you are sending to.

I encounter a clipboard malware before and lost some amount for this and after that incident I always make sure to multiple check if the wallet I grab is my real wallet address since I don't want to experience any serious problem brought up by another malware that can possibly hit us.

And same goes with this address poisoning since this could bring us serious problem since this could steal our balances that's why people should not joke around with this since it can harm anybody and possibly the next target is the person they know so if they know about the existence of this attack they should let their crypto friends to be aware of this so that they would not get any further damage brought up by said attack.

[mocacinno]

What is the probability that hackers will obtain a similar address with the first 6 letters and the last 6 letters? If not impossible, it is minimal. Therefore, verifying these letters will not cost you a lot of time, while it will save you, especially since such attacks require hackers to have good computing capabilities to be able to produce the last two Similar letters.

It's not THAT hard to produce an address with the first and last characters "fixed". I had to think long and hard which address to pick as an example, i decided to pick the genesis address since everybody should know that funds sent there will be "lost" anyways:

1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa

 

Code:

time ./programname -r 1A1.*Na$
Pattern: 1A1.*Na$
Address: 1A1YoPiW8CGN3VxwNAv3gM5tEjFSxKj2Na
Privkey: 5KAom35z6G2VYC2XyRXYy7QB9nd5hdMwXjZ8Q8iwajWMmQgkB48

real    0m8.508s
user    0m33.955s
sys     0m0.004s

edit: i redacted the name of the tool i used as not to inspire people to go and try this themselfs

Now, this was done on a simple machine with 4 vcpu's (and it only took 8 seconds), but imagine doing this on a small GPU cluster to create "fake" addresses with the 3 first and 3 last characters equal for the top-10.000 addresses... It would be feasible... Those generators just brute-force for valid keys, so it doesn't take them that much longer to find matches for 1 address as it does for 10.000 addresses... Finding fakes for the top 10.000 would probably just take a couple of days.

[sheenshane]

It sounds new to me, it might be due to being slightly inactive in the crypto world.
But hey, thank you for this topic.

Now, this was done on a simple machine with 4 vcpu's (and it only took 8 seconds), but imagine doing this on a small GPU cluster to create "fake" addresses with the 3 first and 3 last characters equal for the top-10.000 addresses... It would be feasible... Those generators just brute-force for valid keys, so it doesn't take them that much longer to find matches for 1 address as it does for 10.000 addresses... Finding fakes for the top 10.000 would probably just take a couple of days.

If that is so, checking the last 3 digits and the 3 first digits of your address isn't advisable anymore.
Just a question, is the reputable antivirus and anti-malware software can't protect against this kind of clipboard malware hack?
Thinking that it's easy for hackers to produce such fake addresses that have the same last and first digits.

[mocacinno]

--snip--
Just a question, is the reputable antivirus and anti-malware software can't protect against this kind of clipboard malware hack?
Thinking that it's easy for hackers to produce such fake addresses that have the same last and first digits.

Not really... This attack vector doesn't need malware of any kind, so there's nothing to detect...
It's just a hacker generating an address that looks a lot like an active address, then using an unspent output funding said address to fund a "to attack" address with a couple of cents, hoping the victim will just copy/paste the bad address instead of the real one and send funds to the hacker... I cannot imagine an antivirus software being able to protect you against such an attack.

The only way to protect you is always being vigilant, making sure you always double check each address.

[dzungmobile]

The only way to protect you is always being vigilant, making sure you always double check each address.

Double check the whole address does not take too much time and to be safe, I see it worths my time to double check address before broadcasting my transactions.

How to lose your Bitcoins with CTRL-C CTRL-V.

The bottom line is checking address carefully and carelessness will have to pay expensive cost. The poisoning attack does not often find victims because not all people are careless enough to be trapped by scammers.

[mvdheuvel1983]

If you check the address, it will be similar to your address but not you address. Avoid sending coins to the address. I do not know if it happens with bitcoin too, but I have not seen it while sending bitcoin. But if sending any coins, check the address you are sending to, make sure it is the same as the address you are sending to.

Every bitcoin holder should take their security to be the topmost priority. And one of the ways for to be very security conscious is to test small transactions which provides a secure way to confirm that your bitcoin is going to the address it is intended to . And it is recommended for everyone this will ensure that they are familiar with the process and avoid significant losses in case of errors. Another thing to do is to always  double-check transactions if there is an iota of doubt.

[Shishir99]

I remember receiving some fake coins in my trust wallet years ago and it was showing some value as well. I didn't know where it came from. How easy it is to create a similar address? How do they do it? I did not notice if the sender's address was similar to my address or not. I have heard about clipboard hacks and other attacks. But probably this is the first time I am hearing about address poisoning. Usually, I do not use Metamask. I no longer use trust wallet as well. I don't remember when I stopped using them. But I do have those wallets. Thanks for the post anyway. I will have to check the address before I send any coins to anyone.

[un_rank]

If that is so, checking the last 3 digits and the 3 first digits of your address isn't advisable anymore.

It was never advisable to glance through the first and last 3 characters. Sending funds should always be done with care, you should take your time to compare the entire characters that make up the address ensuring that they all match up. This will not take longer than 20 seconds to do.

- Jay -

[Dr.Bitcoin_Strange]

Thanks for sharing the information. I have not actually had this kind of experience, but sometimes if I want to send out funds to my wallet, I don't normally cross-check from beginning to end. I only look at what the wallet started with and the ending letters, and I feel it's risky doing that because of this wallet poisoning attack. In the case of the clipboard virus, it also has to do with a simple situation where, after copying your wallet or someone else's wallet that you want to send funds to, the virus will convert your copied address to some other address, which, if you are not very careful,  will result in you sending your coins to a strange wallet that you will only realize later.

[lovesmayfamilis]

It's because of this hijacks and malware problem that I have running crypto software on computers, they just feel more vulnerable to these attacks than other hardwares, even a mobile phone is steps ahead better than using a PC, I can't count how many times I have formatted all my files because of one malware or trojan, even with a premium antivirus running.

I just wanted to write that this virus is probably most dangerous on mobile, but you beat me to it. I don’t use a phone when sending, and in my opinion, a computer is most convenient, since you have a field to carefully check the address. Likewise, I just can’t imagine how to do this on a mobile phone, constantly jumping from window to window (but I have no experience, and this is probably the reason)
On the other hand, I agree that Windows is so unreliable that the likelihood of catching a virus or stealer arises with any accidental click on a link, which can hardly be expected from mobile systems.
I will not repeat myself about Linux (although a couple of words should always be noted), however, I believe that you always need to blame yourself, and your inattention, since sending coin addresses requires the owner, not two eyes, but several checks, but much more.

[hugeblack]

It's just a hacker generating an address that looks a lot like an active address, then using an unspent output funding said address to fund a "to attack" address with a couple of cents, hoping the victim will just copy/paste the bad address instead of the real one and send funds to the hacker... I cannot imagine an antivirus software being able to protect you against such an attack.

Thanks for doing the math. I thought that generating an address similar to 3 first and 3 last characters would take longer, but it is better to check the entire address. This can be easily avoided by asking the wallet to hide any dust balance or any amount less than one dollar.

[Porfirii]

It sounds new to me, it might be due to being slightly inactive in the crypto world.
But hey, thank you for this topic.

Now, this was done on a simple machine with 4 vcpu's (and it only took 8 seconds), but imagine doing this on a small GPU cluster to create "fake" addresses with the 3 first and 3 last characters equal for the top-10.000 addresses... It would be feasible... Those generators just brute-force for valid keys, so it doesn't take them that much longer to find matches for 1 address as it does for 10.000 addresses... Finding fakes for the top 10.000 would probably just take a couple of days.

If that is so, checking the last 3 digits and the 3 first digits of your address isn't advisable anymore.
Just a question, is the reputable antivirus and anti-malware software can't protect against this kind of clipboard malware hack?
Thinking that it's easy for hackers to produce such fake addresses that have the same last and first digits.

I learnt about it some time ago and, since then, I always check the digits in the middle of the address too, just in case. I've get used to it and now I double check every address no matter the network every time I have to send any coins.

It is a bit tedious especially at the beginning, but it is still better than checking every single digit or not check/check only the beginning and the end of the addresses.

And, as you said before, taking into account that there are other attacks too that have this same effect in changing the digits of the addresses, it is worth the little effort to avoid losing your money.

[SamReomo]

We have been talking about address poisoning hack on this forum. I do not know if it happens with bitcoin too, but I have not seen it while sending bitcoin.

It happens with Bitcoin addresses as well and I'm pretty sure that many of such hackers have hacked a lot of money in this way. I have never seen something like that happening to me but surely it's a threat and we can't ignore it. I must say that one should be careful with all crypto related transactions because hackers nowadays are trying to target crypto users as the transactions made with crypto-currencies are irreversible and thus if an hacker successfully added a fake address into a user's clipboard and unfortunately the users sent the coins to the hacker's wallet then it would be impossible to reverse those transactions.