It's been like eight years that I have been in this crypto space and I have never witnessed this address poisoning before, I have always use copy pasting address on my smartphone, and I believe that this is possible more on a PC than on a smartphone.
While getting to know people that have become a victim to this scam I started prefer to scan QR code to send coins, I believe this is the smartest way to avoid this scam and mind you, those victims must have make some mistakes themselves for this to happen, because many don't even know how to use a crypto wallet the right way.
I still prefer telling people to buy a hardware wallet to store their Bitcoin and alternative coins, using Hardware wallet to make a transaction erase the need to copy paste any wallet address.
Topic: Do not take address poisoning as a joke, it is real. (Read 228 times)
Fortunately I have never experienced a poisoning, but in the year I've been here I have heard of several cases and I always check the addresses twice just in case.
It is very unlikely to be the victim of one of these attacks, but the consequences are so serious that we all should keep in mind that they exist and stay vigilant when sending any coins.
It is very unlikely to be the victim of one of these attacks, but the consequences are so serious that we all should keep in mind that they exist and stay vigilant when sending any coins.
The constant evolution of scams process a growing threat to individuals and their finances, need for increased vigilance for . Platforms like Bitcointalk play a vital role in this place , serving as a valuable resource for users to stay informed and share insights . Despite the initial perception of effort in actively seeking information, the ease of access crucial updates on forums stands out in comparison to other social media platforms . A chance discovery of a warning thread not only proveded valuable insighte but also heightened the users awareness . I Expressing gratitude for the alert .
What are Address Poisoning Scams?
Metamask: Address Poisoning Scam
It is not limited to web3, smart contracts but with Bitcoin and Bitcoin addresses too. With Bitcoin, it is called as Dust attack.
Dust Attack, what it is, why it is dangerous and how to prevent falling to it
People fall to this type of attack because they use one wallet for many tasks. They must do it more safely, like a main wallet is not used for exploration of new platforms, new projects. Explorations must be done with a new wallet and small one that will not cause them big issue with address poisoning scam attack or dust attack.
Metamask: Address Poisoning Scam
It is not limited to web3, smart contracts but with Bitcoin and Bitcoin addresses too. With Bitcoin, it is called as Dust attack.
Dust Attack, what it is, why it is dangerous and how to prevent falling to it
People fall to this type of attack because they use one wallet for many tasks. They must do it more safely, like a main wallet is not used for exploration of new platforms, new projects. Explorations must be done with a new wallet and small one that will not cause them big issue with address poisoning scam attack or dust attack.
You're right, there have been several ways that bitcoin holders make series of mistakes through the use of their wallet, some don't even Know much about using a wallet not to talk on the ways they will make sure they avoid anything that has to do with wallet address poisoning, newbies should know that it's very important for them to learn about the security of their wallet, what is expected of them and what is not, we should also take in some security measures make sure that we avoid every possible means of getting us under their attack, when we are aware of them, we will not fall for them, but when we are not conscious of them, they got on us and we becomes their victim of attack.
We have been talking about address poisoning hack on this forum. It happens in a way hacks create an address similar to your altcoin address. It has happened to me when I was sending coins like USDT and some other altcoins which are not stable coins. But I understand about it and I easily avoided copying the address I sent coin to, instead I go to the receiving wallet or exchange to copy the address. You can know the hacker's address by noticing small amount not worth up to $1 sent to you with the hacker's address. If you check the address, it will be similar to your address but not you address. Avoid sending coins to the address. I do not know if it happens with bitcoin too, but I have not seen it while sending bitcoin. But if sending any coins, check the address you are sending to, make sure it is the same as the address you are sending to.
Thanks OP , You have shared a valuable information with us and I hope no one will be lazy after reading your post. Checking while address will not take more than 2 minutes as Hugeblack mentioned , and It will save our fund. Usually this scam attempt happening in PC where malware attack is responsible for all these scam.
Some hackers are very smart, when you paste address, you will see the same address you copied but when you check approve pop up then address will be change. My address was hacked in this method but I found it before approving.
Every day, these scammers get more creative, trying to trick people out of their money. That's why forums like Bitcointalk are crucial. It might feel like a bit of effort to actively search for news, but here, it's as easy as scrolling through Instagram or TikTok. I stumbled upon a thread that gave me a heads-up. Thanks for the warning – it really makes me more cautious. Let's hope none of us fall victim to these crimes. It's a reminder to stay vigilant and keep our guard up in the ever-changing landscape of online scams.
We have been talking about address poisoning hack on this forum. I do not know if it happens with bitcoin too, but I have not seen it while sending bitcoin.
It happens with Bitcoin addresses as well and I'm pretty sure that many of such hackers have hacked a lot of money in this way. I have never seen something like that happening to me but surely it's a threat and we can't ignore it. I must say that one should be careful with all crypto related transactions because hackers nowadays are trying to target crypto users as the transactions made with crypto-currencies are irreversible and thus if an hacker successfully added a fake address into a user's clipboard and unfortunately the users sent the coins to the hacker's wallet then it would be impossible to reverse those transactions.
It sounds new to me, it might be due to being slightly inactive in the crypto world.
But hey, thank you for this topic.
Just a question, is the reputable antivirus and anti-malware software can't protect against this kind of clipboard malware hack?
Thinking that it's easy for hackers to produce such fake addresses that have the same last and first digits.
But hey, thank you for this topic.
Now, this was done on a simple machine with 4 vcpu's (and it only took 8 seconds), but imagine doing this on a small GPU cluster to create "fake" addresses with the 3 first and 3 last characters equal for the top-10.000 addresses... It would be feasible... Those generators just brute-force for valid keys, so it doesn't take them that much longer to find matches for 1 address as it does for 10.000 addresses... Finding fakes for the top 10.000 would probably just take a couple of days.
If that is so, checking the last 3 digits and the 3 first digits of your address isn't advisable anymore. Just a question, is the reputable antivirus and anti-malware software can't protect against this kind of clipboard malware hack?
Thinking that it's easy for hackers to produce such fake addresses that have the same last and first digits.
I learnt about it some time ago and, since then, I always check the digits in the middle of the address too, just in case. I've get used to it and now I double check every address no matter the network every time I have to send any coins.
It is a bit tedious especially at the beginning, but it is still better than checking every single digit or not check/check only the beginning and the end of the addresses.
And, as you said before, taking into account that there are other attacks too that have this same effect in changing the digits of the addresses, it is worth the little effort to avoid losing your money.
It's just a hacker generating an address that looks a lot like an active address, then using an unspent output funding said address to fund a "to attack" address with a couple of cents, hoping the victim will just copy/paste the bad address instead of the real one and send funds to the hacker... I cannot imagine an antivirus software being able to protect you against such an attack.
Thanks for doing the math. I thought that generating an address similar to 3 first and 3 last characters would take longer, but it is better to check the entire address. This can be easily avoided by asking the wallet to hide any dust balance or any amount less than one dollar. 
It's because of this hijacks and malware problem that I have running crypto software on computers, they just feel more vulnerable to these attacks than other hardwares, even a mobile phone is steps ahead better than using a PC, I can't count how many times I have formatted all my files because of one malware or trojan, even with a premium antivirus running.
I just wanted to write that this virus is probably most dangerous on mobile, but you beat me to it. I don’t use a phone when sending, and in my opinion, a computer is most convenient, since you have a field to carefully check the address. Likewise, I just can’t imagine how to do this on a mobile phone, constantly jumping from window to window (but I have no experience, and this is probably the reason)
On the other hand, I agree that Windows is so unreliable that the likelihood of catching a virus or stealer arises with any accidental click on a link, which can hardly be expected from mobile systems.
I will not repeat myself about Linux (although a couple of words should always be noted), however, I believe that you always need to blame yourself, and your inattention, since sending coin addresses requires the owner, not two eyes, but several checks, but much more.
Thanks for sharing the information. I have not actually had this kind of experience, but sometimes if I want to send out funds to my wallet, I don't normally cross-check from beginning to end. I only look at what the wallet started with and the ending letters, and I feel it's risky doing that because of this wallet poisoning attack. In the case of the clipboard virus, it also has to do with a simple situation where, after copying your wallet or someone else's wallet that you want to send funds to, the virus will convert your copied address to some other address, which, if you are not very careful, will result in you sending your coins to a strange wallet that you will only realize later.
If that is so, checking the last 3 digits and the 3 first digits of your address isn't advisable anymore.
It was never advisable to glance through the first and last 3 characters. Sending funds should always be done with care, you should take your time to compare the entire characters that make up the address ensuring that they all match up. This will not take longer than 20 seconds to do.- Jay -
I remember receiving some fake coins in my trust wallet years ago and it was showing some value as well. I didn't know where it came from. How easy it is to create a similar address? How do they do it? I did not notice if the sender's address was similar to my address or not. I have heard about clipboard hacks and other attacks. But probably this is the first time I am hearing about address poisoning. Usually, I do not use Metamask. I no longer use trust wallet as well. I don't remember when I stopped using them. But I do have those wallets. Thanks for the post anyway. I will have to check the address before I send any coins to anyone.
If you check the address, it will be similar to your address but not you address. Avoid sending coins to the address. I do not know if it happens with bitcoin too, but I have not seen it while sending bitcoin. But if sending any coins, check the address you are sending to, make sure it is the same as the address you are sending to.
Every bitcoin holder should take their security to be the topmost priority. And one of the ways for to be very security conscious is to test small transactions which provides a secure way to confirm that your bitcoin is going to the address it is intended to . And it is recommended for everyone this will ensure that they are familiar with the process and avoid significant losses in case of errors. Another thing to do is to always double-check transactions if there is an iota of doubt. 
The only way to protect you is always being vigilant, making sure you always double check each address.
Double check the whole address does not take too much time and to be safe, I see it worths my time to double check address before broadcasting my transactions.How to lose your Bitcoins with CTRL-C CTRL-V.
The bottom line is checking address carefully and carelessness will have to pay expensive cost. The poisoning attack does not often find victims because not all people are careless enough to be trapped by scammers.
--snip--
Just a question, is the reputable antivirus and anti-malware software can't protect against this kind of clipboard malware hack?
Thinking that it's easy for hackers to produce such fake addresses that have the same last and first digits.
Just a question, is the reputable antivirus and anti-malware software can't protect against this kind of clipboard malware hack?
Thinking that it's easy for hackers to produce such fake addresses that have the same last and first digits.
Not really... This attack vector doesn't need malware of any kind, so there's nothing to detect...
It's just a hacker generating an address that looks a lot like an active address, then using an unspent output funding said address to fund a "to attack" address with a couple of cents, hoping the victim will just copy/paste the bad address instead of the real one and send funds to the hacker... I cannot imagine an antivirus software being able to protect you against such an attack.
The only way to protect you is always being vigilant, making sure you always double check each address.
It sounds new to me, it might be due to being slightly inactive in the crypto world.
But hey, thank you for this topic.
Just a question, is the reputable antivirus and anti-malware software can't protect against this kind of clipboard malware hack?
Thinking that it's easy for hackers to produce such fake addresses that have the same last and first digits.
But hey, thank you for this topic.
Now, this was done on a simple machine with 4 vcpu's (and it only took 8 seconds), but imagine doing this on a small GPU cluster to create "fake" addresses with the 3 first and 3 last characters equal for the top-10.000 addresses... It would be feasible... Those generators just brute-force for valid keys, so it doesn't take them that much longer to find matches for 1 address as it does for 10.000 addresses... Finding fakes for the top 10.000 would probably just take a couple of days.
If that is so, checking the last 3 digits and the 3 first digits of your address isn't advisable anymore. Just a question, is the reputable antivirus and anti-malware software can't protect against this kind of clipboard malware hack?
Thinking that it's easy for hackers to produce such fake addresses that have the same last and first digits.
What is the probability that hackers will obtain a similar address with the first 6 letters and the last 6 letters? If not impossible, it is minimal. Therefore, verifying these letters will not cost you a lot of time, while it will save you, especially since such attacks require hackers to have good computing capabilities to be able to produce the last two Similar letters.
It's not THAT hard to produce an address with the first and last characters "fixed". I had to think long and hard which address to pick as an example, i decided to pick the genesis address since everybody should know that funds sent there will be "lost" anyways:
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
Code:
time ./programname -r 1A1.*Na$
Pattern: 1A1.*Na$
Address: 1A1YoPiW8CGN3VxwNAv3gM5tEjFSxKj2Na
Privkey: 5KAom35z6G2VYC2XyRXYy7QB9nd5hdMwXjZ8Q8iwajWMmQgkB48
real 0m8.508s
user 0m33.955s
sys 0m0.004s
Pattern: 1A1.*Na$
Address: 1A1YoPiW8CGN3VxwNAv3gM5tEjFSxKj2Na
Privkey: 5KAom35z6G2VYC2XyRXYy7QB9nd5hdMwXjZ8Q8iwajWMmQgkB48
real 0m8.508s
user 0m33.955s
sys 0m0.004s
edit: i redacted the name of the tool i used as not to inspire people to go and try this themselfs
Now, this was done on a simple machine with 4 vcpu's (and it only took 8 seconds), but imagine doing this on a small GPU cluster to create "fake" addresses with the 3 first and 3 last characters equal for the top-10.000 addresses... It would be feasible... Those generators just brute-force for valid keys, so it doesn't take them that much longer to find matches for 1 address as it does for 10.000 addresses... Finding fakes for the top 10.000 would probably just take a couple of days.
We have been talking about address poisoning hack on this forum. It happens in a way hacks create an address similar to your altcoin address. It has happened to me when I was sending coins like USDT and some other altcoins which are not stable coins. But I understand about it and I easily avoided copying the address I sent coin to, instead I go to the receiving wallet or exchange to copy the address. You can know the hacker's address by noticing small amount not worth up to $1 sent to you with the hacker's address. If you check the address, it will be similar to your address but not you address. Avoid sending coins to the address. I do not know if it happens with bitcoin too, but I have not seen it while sending bitcoin. But if sending any coins, check the address you are sending to, make sure it is the same as the address you are sending to.
I encounter a clipboard malware before and lost some amount for this and after that incident I always make sure to multiple check if the wallet I grab is my real wallet address since I don't want to experience any serious problem brought up by another malware that can possibly hit us.
And same goes with this address poisoning since this could bring us serious problem since this could steal our balances that's why people should not joke around with this since it can harm anybody and possibly the next target is the person they know so if they know about the existence of this attack they should let their crypto friends to be aware of this so that they would not get any further damage brought up by said attack.
This have not happened to me before but I know someone that was a victim of this, and since the day that I am aware I have start to use QR Code instead, either I am sending to an exchange or I am sending to someone, I will prefer to scan for their address instead of copy and pasting, also it is more likely that this will happen to you if you are using a computer, the few I've seen happened to PC users, even the clipboard virus too, it's mostly always PC/Computer.
The best way to beat this scam is to start scanning instead of copying the address, some people also like storing the address somewhere online like inside their email, which is a bad practice, and also it's good to cross check the address very well, because once you send the coin it's not ever coming back if it's the wrong address.
It's because of this hijacks and malware problem that I have running crypto software on computers, they just feel more vulnerable to these attacks than other hardwares, even a mobile phone is steps ahead better than using a PC, I can't count how many times I have formatted all my files because of one malware or trojan, even with a premium antivirus running.
The best way to beat this scam is to start scanning instead of copying the address, some people also like storing the address somewhere online like inside their email, which is a bad practice, and also it's good to cross check the address very well, because once you send the coin it's not ever coming back if it's the wrong address.
It's because of this hijacks and malware problem that I have running crypto software on computers, they just feel more vulnerable to these attacks than other hardwares, even a mobile phone is steps ahead better than using a PC, I can't count how many times I have formatted all my files because of one malware or trojan, even with a premium antivirus running.
I wont underestimate the ability of anyone in this current world. There are lot of Bitcoin scams and fraudulent activities of which in a common sense we wont think of it to be possible. There is probability that a scammer will be able to generate a similar address like yours. I have encountered this before and i mistakenly sent to that address. I waited and taught it was my network issue that i have seen the coin. Before i traced and saw it was a scam attack. The remedy to this, is to always get the address directly from the exchange or wallet whenever you want to make a transaction.
What is the probability that hackers will obtain a similar address with the first 6 letters and the last 6 letters? If not impossible, it is minimal. Therefore, verifying these letters will not cost you a lot of time, while it will save you, especially since such attacks require hackers to have good computing capabilities to be able to produce the last two Similar letters.
Just as Ever_young once said that clipboard virus also has some effect on crypto loss. I think some of the users who where scammed may be as a result of this clipboard virus that one sends crypto to a different wallet thinking that its there own address.
Yeah it looks the same but there is difference in the two attacks this address poisoning is actual slightly different and easier for the scammers to attempt. The clipboard virus is harder because the scammers needs to find a way to get the malware into your device and then it changes the address when you copy it, this common with window OS and you they OS are not usually affected. But for dust attack or say address poisoning the attacker just looks at your address and create a similar address like it with similar beginning and ending and then uses this address to send you dust coins and when next you try to copy address you will actually mistakenly copy the hackers address from the transaction history without know since it’s similar. In this attack you’re actually copying and pasting the right address but it is that of that an hacker.
Also dust attack can be use to monitor that address it is sent to even if you don’t make mistake to sent back to it which makes you to lose your privacy
Thanks for the information it's very necessary for users to know about this because it occurs without there notice.
Just as Ever_young once said that clipboard virus also has some effect on crypto loss. I think some of the users who where scammed may be as a result of this clipboard virus that one sends crypto to a different wallet thinking that its there own address.
Just as Ever_young once said that clipboard virus also has some effect on crypto loss. I think some of the users who where scammed may be as a result of this clipboard virus that one sends crypto to a different wallet thinking that its there own address.
What are Address Poisoning Scams?
Metamask: Address Poisoning Scam
It is not limited to web3, smart contracts but with Bitcoin and Bitcoin addresses too. With Bitcoin, it is called as Dust attack.
Dust Attack, what it is, why it is dangerous and how to prevent falling to it
People fall to this type of attack because they use one wallet for many tasks. They must do it more safely, like a main wallet is not used for exploration of new platforms, new projects. Explorations must be done with a new wallet and small one that will not cause them big issue with address poisoning scam attack or dust attack.
Metamask: Address Poisoning Scam
It is not limited to web3, smart contracts but with Bitcoin and Bitcoin addresses too. With Bitcoin, it is called as Dust attack.
Dust Attack, what it is, why it is dangerous and how to prevent falling to it
People fall to this type of attack because they use one wallet for many tasks. They must do it more safely, like a main wallet is not used for exploration of new platforms, new projects. Explorations must be done with a new wallet and small one that will not cause them big issue with address poisoning scam attack or dust attack.
We have been talking about address poisoning hack on this forum. It happens in a way hacks create an address similar to your altcoin address. It has happened to me when I was sending coins like USDT and some other altcoins which are not stable coins. But I understand about it and I easily avoided copying the address I sent coin to, instead I go to the receiving wallet or exchange to copy the address. You can know the hacker's address by noticing small amount not worth up to $1 sent to you with the hacker's address. If you check the address, it will be similar to your address but not you address. Avoid sending coins to the address. I do not know if it happens with bitcoin too, but I have not seen it while sending bitcoin. But if sending any coins, check the address you are sending to, make sure it is the same as the address you are sending to.
Address poisoning is when an attacker creates a similar-looking address to the one a targeted victim regularly sends funds to — usually using the same beginning and ending characters.
A crypto hacker specializing in “address poisoning attacks" has managed to steal over $2 million from Safe Wallet users alone in the past week, with its total victim count now reaching 21.
On Dec. 3, Web3 scam detection platform Scam Sniffer reported that around ten Safe Wallets lost $2.05 million to address poisoning attacks since Nov. 26.
According to Dune Analytics data compiled by Scam Sniffer, the same attacker has reportedly stolen at least $5 million from around 21 victims in the past four months.
Scam Sniffer, reported that one of the victims even held $10 million in crypto in a Safe Wallet, but "luckily" only lost $400,000 of it.
A crypto hacker specializing in “address poisoning attacks" has managed to steal over $2 million from Safe Wallet users alone in the past week, with its total victim count now reaching 21.
On Dec. 3, Web3 scam detection platform Scam Sniffer reported that around ten Safe Wallets lost $2.05 million to address poisoning attacks since Nov. 26.
According to Dune Analytics data compiled by Scam Sniffer, the same attacker has reportedly stolen at least $5 million from around 21 victims in the past four months.
Scam Sniffer, reported that one of the victims even held $10 million in crypto in a Safe Wallet, but "luckily" only lost $400,000 of it.
Jump to: