Author

Topic: New Scam Alert - Address Poisoining (Read 290 times)

sr. member
Activity: 1764
Merit: 260
Binance #SWGT and CERTIK Audited
January 22, 2023, 08:40:53 AM
#30

Glad to see this. I hope that this post will be seen by those peeps out there that are lazy or feel that the address that they put to the receiving address textbox is free-of-error.
Personally, I always check the address (each character) multiple twice, thrice, or sometimes multiple times so just to secure that I am copy-pasting the right address.
jr. member
Activity: 145
Merit: 1
January 22, 2023, 08:20:57 AM
#29
Damn, thanks for the info. I never heard anything like this before. I'll try to be more careful in the future.
legendary
Activity: 3808
Merit: 1723
January 21, 2023, 11:36:58 PM
#28
I had this happen about a month ago, if you search my nick you can find my thread on it. I was very puzzled because it looked like someone had my private keys because a transaction came out of my own wallet. However apparently for some reason you can send 0 ETH from a wallet that is not yours. Then it looks like your key can be compromised.

However etherscan at least is not showing these transactions anymore. So they won’t appear and decreases the chances of actually copying the wrong address. Very sneaky how they make the first few characters the same to fool many people.
sr. member
Activity: 2520
Merit: 280
Hire Bitcointalk Camp. Manager @ r7promotions.com
January 21, 2023, 12:11:46 PM
#27
This isn't really a new scamming technique, this has been done in the past but possibly the new term for that invented recently, the thing from the article its happening on ethereum network so everyone who is transacting on that network has to be extra careful than we used to be because generally we receive lot of tokens from various reasons so we don't really give attention to it so while copying make sure the complete address matches with the designation so can avoid poisoning or clipboard hijacking.
hero member
Activity: 2744
Merit: 588
January 15, 2023, 04:18:50 PM
#26
If only these scammers could apply their creativity to something productive. Thanks for the heads up bro.
What about scamming, isn't that productive? Because, productive means the person is moving and doing things which benefits them. Scammers benefits from scamming and this is where they earn money. Maybe what you mean is they better apply their talent on something which aren't illegal and they can't cause a harm to others. It is possible. I've seen a lot of hackers who change for the better but it's not going to an easy process. The feeling can be the same if you are addicted to something else.

Thanks to the OP for alerting us to this new scam technique. As long as we stay to be informative or vigilant, we can possibly avoid them easily.

That is  correct, that is their productive way of wasting their time - scamming people.
We can't expect all people to earn money via legal means because some people will resort to screwing other people.
Since we are dealing mostly in anonymous market, these scammers are free to use all their skills without disclosing their identity.
It is now on how our hands how we can avoid this type of people or how to prevent from being scammed by diligently doing our part before jumping any click-bait offers.
hero member
Activity: 2646
Merit: 582
Leading Crypto Sports Betting & Casino Platform
January 15, 2023, 03:49:30 PM
#25
If only these scammers could apply their creativity to something productive. Thanks for the heads up bro.
What about scamming, isn't that productive? Because, productive means the person is moving and doing things which benefits them. Scammers benefits from scamming and this is where they earn money. Maybe what you mean is they better apply their talent on something which aren't illegal and they can't cause a harm to others. It is possible. I've seen a lot of hackers who change for the better but it's not going to an easy process. The feeling can be the same if you are addicted to something else.

Thanks to the OP for alerting us to this new scam technique. As long as we stay to be informative or vigilant, we can possibly avoid them easily.
copper member
Activity: 1316
Merit: 715
Eloncoin.org - Mars, here we come!
January 15, 2023, 09:08:09 AM
#24
Scam alert: Metamask warns crypto users about address poisoning

While exploring the Binance news tab I found this article which highlights how a hacker is stealing the crypto assets by switching the address by matching the characters we normally use to send funds so beware of copying and pasting the recipient address no matter what kind of wallet your using and crosscheck all the characters not prefix and random alone.

I will quote the important part of the article and will leave the link below.

Quote
While the attempt would not give the hackers access to user wallets, people who may have gotten into the habit of copying their wallet address from the transaction history before sending digital asset balances could potentially send their funds to copycat addresses.
Because of this, the wallet provider warned users always to be careful and double-check their transactions before sending their balances. The firm highlighted that it would be best to check every single character of the wallet address to make sure that the funds will be sent to the correct wallet.

source: Scam alert: MetaMask warns crypto users about address poisoning

Thanks for sharing this useful information, we should be more diligent while making transactions from wallets & preferably use save address book feature . This scam has been reported recently in media but hackers have already stolen huge amount of funds from wallets. Though Mestamask team is making consistent efforts to make their wallet more secure but scammers always come up with new idea to breach security system, which suggests that a lot more need to be done to improve security systems to build confidence of investors on crypto.  


legendary
Activity: 1932
Merit: 1273
January 15, 2023, 08:20:54 AM
#23
~

It is completely different, clipboard hijacking changes the address fully, but on address poisoning, it did not technically change any address. This specific scam, the scammer makes use of user behaviour when they are using a wallet. Most of them copy an address from the last transaction from their wallet, which in turn, this is the part where the scammers get in.

Do also note that there is also a web extension malware who are similar to clipboard hijacking but the displayed address is not changed visually but within. So, the displayed address is kept but when the user clicks the action either withdraw or anything, the address that is actually being sent is changed.
It has to change at least one character of the address. It could be a letter or number. Scammers can forge almost identical addresses, but not exactly ones. The point is that they rely on the fact Metamask displays only the summed up version of the address, so not everyone checks it completely, especially the characters of the middle.

To avoid being scammed, better to only copy addresses from valid transactions or from a saved notepad file, instead of going for the most recent transactions' history on Metamask.

We are talking about the misinterpretation of clipboard hijacking with this kind of attack. Which is completely a different kind of scam. One is because of malware, and the other is because of users' carelessness.

I know that address poisoning attacks are making use of the general most of wallet last transaction address and deceiving user behaviour, combined with profanity address of the user owned/interacted address, it is the way of how it works.



~which means you really have to check everything multiple times so that you won't be another victim of this kind of scams.

Another solution to prevent this kind of attack is to utilize the saved address feature if the wallet has one. For example, Metamask has an address book feature that can be utilized to save addresses. Although, your solution does indeed the safest solution. Actually, rechecking an address should be a habit of cryptocurrencies users.
legendary
Activity: 2576
Merit: 1655
January 15, 2023, 08:15:01 AM
#22
And this could be related to this, What is a Clipboard Hijacker?.

Clipboard hijacking is more advanced than this if I am not wrong where the hacker replaces the recipient address with his desired destination address, but the attack explained in the article says the hacker doesn't replace the address but matches the address with similar one and hoping the victim will choose the wrong address and send funds to it.

Yes, but that point is that you really need to be sure on the address that you are going to send, which means you really have to check everything multiple times so that you won't be another victim of this kind of scams.

@BossTrack - or if this criminals would have used their talents to make the crypto market better, instead of taking advantage of it, might be a different world after all. But it is what it is, they are tag are cyber criminals and so they don't have any feelings for their victims as long as they can get the money from their unsuspecting victims.

copper member
Activity: 43
Merit: 1
January 14, 2023, 08:18:47 PM
#21
Scam alert: Metamask warns crypto users about address poisoning

While exploring the Binance news tab I found this article which highlights how a hacker is stealing the crypto assets by switching the address by matching the characters we normally use to send funds so beware of copying and pasting the recipient address no matter what kind of wallet your using and crosscheck all the characters not prefix and random alone.

I will quote the important part of the article and will leave the link below.

Quote
While the attempt would not give the hackers access to user wallets, people who may have gotten into the habit of copying their wallet address from the transaction history before sending digital asset balances could potentially send their funds to copycat addresses.
Because of this, the wallet provider warned users always to be careful and double-check their transactions before sending their balances. The firm highlighted that it would be best to check every single character of the wallet address to make sure that the funds will be sent to the correct wallet.

source: Scam alert: MetaMask warns crypto users about address poisoning

If only these scammers could apply their creativity to something productive. Thanks for the heads up bro.
hero member
Activity: 2044
Merit: 784
Leading Crypto Sports Betting & Casino Platform
January 14, 2023, 05:44:12 PM
#20
A thorough explanation of Address Poisoning can be seen on What are Address Poisoning Scams?

Based on the explanation over the thread, the attack was initially known in November of 2022. Firstly, it initiated by the scammer with sending a small amount of tokens and then cames the zero token transaction scam.

And this could be related to this, What is Clipboard Hijacker?.

Clipboard hijacking is rooted in the user's infiltrated device. But with this type of scam, the users did have any malware and the scammer does not have access to the user's device, it happened solely due to how the wallet operated--the user behaviour and the smart contract accepting 0 tx.
Thanks for the explanation because on the surface both attacks seems similar to the untrained eye but it seems they are different in their nature, fortunately for me since I have been aware that clipboard hijacking has been a thing I check every single character of the address I wish to send a payment, fortunately I have never been a victim of this but that is not a reason to lower my guard as who knows when it could happen and I could lose some of holdings because of it.

It is completely different, clipboard hijacking changes the address fully, but on address poisoning, it did not technically change any address. This specific scam, the scammer makes use of user behaviour when they are using a wallet. Most of them copy an address from the last transaction from their wallet, which in turn, this is the part where the scammers get in.

Do also note that there is also a web extension malware who are similar to clipboard hijacking but the displayed address is not changed visually but within. So, the displayed address is kept but when the user clicks the action either withdraw or anything, the address that is actually being sent is changed.
It has to change at least one character of the address. It could be a letter or number. Scammers can forge almost identical addresses, but not exactly ones. The point is that they rely on the fact Metamask displays only the summed up version of the address, so not everyone checks it completely, especially the characters of the middle.

To avoid being scammed, better to only copy addresses from valid transactions or from a saved notepad file, instead of going for the most recent transactions' history on Metamask.
legendary
Activity: 1932
Merit: 1273
January 13, 2023, 09:19:18 PM
#19
A thorough explanation of Address Poisoning can be seen on What are Address Poisoning Scams?

Based on the explanation over the thread, the attack was initially known in November of 2022. Firstly, it initiated by the scammer with sending a small amount of tokens and then cames the zero token transaction scam.

And this could be related to this, What is Clipboard Hijacker?.

Clipboard hijacking is rooted in the user's infiltrated device. But with this type of scam, the users did have any malware and the scammer does not have access to the user's device, it happened solely due to how the wallet operated--the user behaviour and the smart contract accepting 0 tx.
Thanks for the explanation because on the surface both attacks seems similar to the untrained eye but it seems they are different in their nature, fortunately for me since I have been aware that clipboard hijacking has been a thing I check every single character of the address I wish to send a payment, fortunately I have never been a victim of this but that is not a reason to lower my guard as who knows when it could happen and I could lose some of holdings because of it.

It is completely different, clipboard hijacking changes the address fully, but on address poisoning, it did not technically change any address. This specific scam, the scammer makes use of user behaviour when they are using a wallet. Most of them copy an address from the last transaction from their wallet, which in turn, this is the part where the scammers get in.

Do also note that there is also a web extension malware who are similar to clipboard hijacking but the displayed address is not changed visually but within. So, the displayed address is kept but when the user clicks the action either withdraw or anything, the address that is actually being sent is changed.
jr. member
Activity: 1330
Merit: 7
January 13, 2023, 01:45:05 PM
#18
Thanks for this valuable information. This is an important reminder that it is not enough to 'copy' address, and that we have to cross check after 'pasting' the address in the wallet to ensure it exactly corresponds to the address we intend to send. I think it is a good practice to check the five characters at the beginning and end end of the address, and some middle characters. This also reminds us not to be too much in a hurry when we are sending funds/carrying out crypto transactions so as not to make mistakes. It is worth taking time to double check the address before sending - why risk losing your hard earned money? 
legendary
Activity: 2268
Merit: 1655
To the Moon
January 13, 2023, 12:23:11 PM
#17
...And this could be related to this, What is Clipboard Hijacker?.

If you use Google search, you can easily find information about the virus Trojan.Coinbitclip, which changes the address in the clipboard to the address of a fraudster. I remember that a similar topic existed on our forum about the dangers of using copy/paste, but I couldn't find it.
hero member
Activity: 1498
Merit: 504
January 13, 2023, 12:34:31 AM
#16
Scam alert: Metamask warns crypto users about address poisoning

While exploring the Binance news tab I found this article which highlights how a hacker is stealing the crypto assets by switching the address by matching the characters we normally use to send funds so beware of copying and pasting the recipient address no matter what kind of wallet your using and crosscheck all the characters not prefix and random alone.

I will quote the important part of the article and will leave the link below.

Quote
While the attempt would not give the hackers access to user wallets, people who may have gotten into the habit of copying their wallet address from the transaction history before sending digital asset balances could potentially send their funds to copycat addresses.
Because of this, the wallet provider warned users always to be careful and double-check their transactions before sending their balances. The firm highlighted that it would be best to check every single character of the wallet address to make sure that the funds will be sent to the correct wallet.

source: Scam alert: MetaMask warns crypto users about address poisoning
We must always be vigilant and careful in making all crypto transactions.
However, a hacker himself has above average intelligence and intelligence. Not everyone can carry out hacking and acts of theft through a network on the blockchain.
Sometimes someone who has been careful and always vigilant in their actions still has the misfortune of being hacked and having all of their valuable assets stolen, especially if we just act as we please.
member
Activity: 219
Merit: 19
January 12, 2023, 10:05:21 PM
#15
Thanks for the information. It's sad to think that some people have fallen victim to these types of activities, but this scenario has been present in the crypto space for some time. Therefore, we ought to refrain from copying and pasting addresses from the history and instead make a new copy of deposit address before pasting it.
legendary
Activity: 3010
Merit: 1280
Get $2100 deposit bonuses & 60 FS
January 12, 2023, 06:39:34 PM
#14
Scam alert: Metamask warns crypto users about address poisoning

While exploring the Binance news tab I found this article which highlights how a hacker is stealing the crypto assets by switching the address by matching the characters we normally use to send funds so beware of copying and pasting the recipient address no matter what kind of wallet your using and crosscheck all the characters not prefix and random alone.

I will quote the important part of the article and will leave the link below.

Quote
While the attempt would not give the hackers access to user wallets, people who may have gotten into the habit of copying their wallet address from the transaction history before sending digital asset balances could potentially send their funds to copycat addresses.
Because of this, the wallet provider warned users always to be careful and double-check their transactions before sending their balances. The firm highlighted that it would be best to check every single character of the wallet address to make sure that the funds will be sent to the correct wallet.

source: Scam alert: MetaMask warns crypto users about address poisoning

Hackers are getting smarter every day, who would have thought that they will use the tactic of sending 0 transactions just to overpopulate a person's transaction history with an address that is almost identical to the used address or to confuse the users and make him made a mistake of copying the address given by hacker to mistakenly transfer the funds to the hackers address.

We must always be vigilant in conducting transfers and always triple-check or more the destination address to ensure that we are sending our funds to the right address.
legendary
Activity: 3416
Merit: 1225
January 12, 2023, 05:33:00 PM
#13
Scam alert: Metamask warns crypto users about address poisoning

While exploring the Binance news tab I found this article which highlights how a hacker is stealing the crypto assets by switching the address by matching the characters we normally use to send funds so beware of copying and pasting the recipient address no matter what kind of wallet your using and crosscheck all the characters not prefix and random alone.

I will quote the important part of the article and will leave the link below.

Quote
While the attempt would not give the hackers access to user wallets, people who may have gotten into the habit of copying their wallet address from the transaction history before sending digital asset balances could potentially send their funds to copycat addresses.
Because of this, the wallet provider warned users always to be careful and double-check their transactions before sending their balances. The firm highlighted that it would be best to check every single character of the wallet address to make sure that the funds will be sent to the correct wallet.

source: Scam alert: MetaMask warns crypto users about address poisoning

The target is specific to people who are copying their address on their transaction history, I wonder what the percentage of people who are doing this, could be big numbers because they create specific targets I haven't done this on all my transactions I have a compilation of my wallets and I always see to it that I memorize at least the first three characters some characters in the middle and last three characters and check it on explorers especially if I'm moving big amount, took me at least 2 minutes but it's part of the precautions.
legendary
Activity: 2534
Merit: 1338
January 12, 2023, 02:21:23 PM
#12
A thorough explanation of Address Poisoning can be seen on What are Address Poisoning Scams?

Based on the explanation over the thread, the attack was initially known in November of 2022. Firstly, it initiated by the scammer with sending a small amount of tokens and then cames the zero token transaction scam.

And this could be related to this, What is Clipboard Hijacker?.

Clipboard hijacking is rooted in the user's infiltrated device. But with this type of scam, the users did have any malware and the scammer does not have access to the user's device, it happened solely due to how the wallet operated--the user behaviour and the smart contract accepting 0 tx.
Thanks for the explanation because on the surface both attacks seems similar to the untrained eye but it seems they are different in their nature, fortunately for me since I have been aware that clipboard hijacking has been a thing I check every single character of the address I wish to send a payment, fortunately I have never been a victim of this but that is not a reason to lower my guard as who knows when it could happen and I could lose some of holdings because of it.
full member
Activity: 1708
Merit: 126
January 12, 2023, 12:34:14 PM
#11
This is completely different from the Clipboard Hijacker virus, in this case we are talking about there is no virus or hacking of the victim's machine, it is just that the attacker sends a zero transaction to the victim's address and hopes that the victim mistakenly copies the address from the transaction history and sends the tokens to attackers.

This is a primitive type of attack based on the idea that some people copy addresses from their transaction history when they want to send tokens.

They just wait for the user to send the tokens to their address by mistake or rush.

Those who transact and send funds by just copying the address of the receiver without double checking it will surely fall for this trap. To be honest, this happened to me when I copied an unknown address and I really can't remember where I copied it so I sent the funds to the wrong address. I'm not sure if I've been a victim of that scam or if I was just so reckless that time because of hurrying. It should be a reminder for us that we should always double-check every single character of the address that we will be transacting with. Scammers are everywhere and they will always find new ways to fool people.
legendary
Activity: 1848
Merit: 1982
Fully Regulated Crypto Casino
January 12, 2023, 12:18:24 PM
#10
This is completely different from the Clipboard Hijacker virus, in this case we are talking about there is no virus or hacking of the victim's machine, it is just that the attacker sends a zero transaction to the victim's address and hopes that the victim mistakenly copies the address from the transaction history and sends the tokens to attackers.

This is a primitive type of attack based on the idea that some people copy addresses from their transaction history when they want to send tokens.

They just wait for the user to send the tokens to their address by mistake or rush.
legendary
Activity: 1932
Merit: 1273
January 12, 2023, 10:50:09 AM
#9
A thorough explanation of Address Poisoning can be seen on What are Address Poisoning Scams?

Based on the explanation over the thread, the attack was initially known in November of 2022. Firstly, it initiated by the scammer with sending a small amount of tokens and then cames the zero token transaction scam.

And this could be related to this, What is Clipboard Hijacker?.

Clipboard hijacking is rooted in the user's infiltrated device. But with this type of scam, the users did have any malware and the scammer does not have access to the user's device, it happened solely due to how the wallet operated--the user behaviour and the smart contract accepting 0 tx.
hero member
Activity: 1666
Merit: 453
January 12, 2023, 09:21:30 AM
#8
I think that the other community members here on the forum did not lack a reminder to crypto enthusiasts entering the world of crypto. We should always make it a habit to double-check the wallet address that we send or deposit to avoid this method of merciless hackers.

So anyway, thank you dude for this matter of giving once more reminders to the members here in the forum.
sr. member
Activity: 1722
Merit: 269
January 12, 2023, 08:51:38 AM
#7
Scam alert: Metamask warns crypto users about address poisoning
While exploring the Binance news tab I found this article which highlights how a hacker is stealing the crypto assets by switching the address by matching the characters we normally use to send funds so beware of copying and pasting the recipient address no matter what kind of wallet your using and crosscheck all the characters not prefix and random alone.

Thanks for the warning OP. I just read through the article and i have to say, that i am not sure though how high the success rate of those hacking attempt is. I would guess that it is extremely low, which is a very good thing of course. So the scammer sends you a worthless token from an adress that is identical to yours on the first and also on the last number but not in between. That is all.
This means you have to make a few big mistakes at the same time in order to send the scammer your money. First of all you have to copy the address you want to sent to from a completely different location within metamask than you usually do and secondly you have to be completely blind at the same time to not see that the address is not the same as usual.
legendary
Activity: 3304
Merit: 1617
#1 VIP Crypto Casino
January 12, 2023, 07:22:52 AM
#6
This type of scam isn’t new. It’s been happening for a while, most likely it’s able to be carried out by hackers if you unfortunately download malware on your device. When you copy an address to send crypto to he/she is able to switch around some letters/numbers in the middle of the address & send to an address they are in control of which is very similar to the one you use. It’s commonly known as a clipboard hack.

The only way to minimise the risk here is don’t go on shady sites using a device you use for crypto. Don’t download movies, torrents, files. Don’t use a VPN, don’t use the device for pretty much anything other than crypto. You shouldn’t be using the device you use for crypto for regular browsing & leisure. You need a seperare device for crypto, it’s the best way to keep it clean.

sr. member
Activity: 672
Merit: 416
stead.builders
January 12, 2023, 07:10:46 AM
#5
This is a common ransomware that focus on the clipboard malware attack, if you're sending a transaction forward to an address, make sure that you check the address to be correct from the one you copied and you might have pasted it before sending the transaction, this could be a costly mistake because transactions are irreversible regardless of the mistakes, and those that uses metamask crypto wallet needed to be extra more careful because they are dealing with multiple cryptos which they can got infected from any side where they were being open and careless from the sites they visit.
sr. member
Activity: 910
Merit: 284
January 12, 2023, 06:58:27 AM
#4
And this could be related to this, What is a Clipboard Hijacker?.

Clipboard hijacking is more advanced than this if I am not wrong where the hacker replaces the recipient address with his desired destination address, but the attack explained in the article says the hacker doesn't replace the address but matches the address with similar one and hoping the victim will choose the wrong address and send funds to it.
legendary
Activity: 3318
Merit: 1247
Bitcoin Casino Est. 2013
January 12, 2023, 06:57:32 AM
#3
So is the hacker able to change the copy/paste of my Metamask wallet for example,as I have been using it since Ethereum moved to PoS and I have a lot of Ethereum Fair and some Ethereum PoW there.However I never have received such warnings and maybe this is because I only send and receive money with websites I fully trust,I do not venture in uncharted territories and above all I am using Linux which I think it has an added layer of security because hackers target Windows devices as most of people use that system (not long ago,in fact very recently that manager who got hacked through his system I believe he was using Windows).

Nevertheless a good advice for people using Windows and not only,even for us who use Linux it is always a good practice to double check where we are sending money.
legendary
Activity: 2576
Merit: 1655
January 12, 2023, 06:41:11 AM
#2
Thanks for this, and that is why it is very important to check everything first before sending any to a address. Because hackers are clever enough to change the first and last of any address that it looks very similar to the one you are sending.

So if you are not that careful you might fall for this trick.

And this could be related to this, What is Clipboard Hijacker?.
sr. member
Activity: 910
Merit: 284
January 12, 2023, 06:37:38 AM
#1
Scam alert: Metamask warns crypto users about address poisoning

While exploring the Binance news tab I found this article which highlights how a hacker is stealing the crypto assets by switching the address by matching the characters we normally use to send funds so beware of copying and pasting the recipient address no matter what kind of wallet your using and crosscheck all the characters not prefix and random alone.

I will quote the important part of the article and will leave the link below.

Quote
While the attempt would not give the hackers access to user wallets, people who may have gotten into the habit of copying their wallet address from the transaction history before sending digital asset balances could potentially send their funds to copycat addresses.
Because of this, the wallet provider warned users always to be careful and double-check their transactions before sending their balances. The firm highlighted that it would be best to check every single character of the wallet address to make sure that the funds will be sent to the correct wallet.

source: Scam alert: MetaMask warns crypto users about address poisoning
Jump to: