Topic: What are Address Poisoning Scams? (Read 838 times)

I always try to be very cautious when copying any address during a transaction, because what I fear the most is to make the mistake of sending my dear coins to the wrong address.
After learning about address poisoning scams, am very confident that my knowledge of and safe practices on the blockchain has improved and although I try to double and even triple check addresses during transactions, I value learning about ways to stay alert and be wary of scammers and their deviced scams.

Very confusing post Sonia. Let's break it down.

It doesn't. Address poisoning scams aren't common on the Bitcoin network. They are more common on alternative blockchains, but even then the two addresses aren't exactly like. Only a few characters at the beginning and the end are the same.

No one types addresses out character by character. You copy them. However, you don't copy them from blockchain explorers and transaction histories. You do it from the receive tab/receiving feature of your wallet.

I assume you mean characters. Remember that you said that addresses involved in poisoning scams look exactly like your bitcoin address? Now you are talking about the last two "wallet numbers" only a few sentences later.

This is an address that looks exactly like your Bitcoin address wallet,if not properly checked, you will be mistaken for yours, it is being created by fraudster in other to scam crypto users,when they are sending or receiving coins/tokens. These always come up on Blockchain and so, it is adviceable not to copy address even if it appears instead type and check the address properly before any transactions to avoid it because these scammers works on your two last wallet numbers.

The transaction you saw couldn't have been an outgoing transaction, only an incoming one from an address with similar characters as yours.

Correct, but a victim could use a wallet that still hasn't implemented such filtering and be tricked to copy an address from their wallet's transaction history. But I think the most popular ones have already introduced some type of measure to not show these types of transactions by default.

Yeah this happens on pretty much every blockchain. Even the L2 networks for ETH.

I remember the first time it happened I freaked out, because it showed that someone actually sent some transaction from my cold storage address, it didnt make any sense and I assumed my seed was in jeopardy. However after making a thread on Bitcointalk it was revealed that its an ETH bug where its possible to send transactions with 0 ETH and its main goal is an address poisoning attack, these days most of these are filtered on etherscan so you wont notice. But if you don't use an address book and copy and paste your recent transactions, then you are at risk.

In an interesting turn of events, the scammer decided to return 90% of the stolen coins in the last couple of days. The victim has been in contact with the scammer in the days following the incident. As we can see from the message exchange, the initial owner of the coins promised a 10% bounty if he returned 90%. That's like $6-7 million. Eventually, the scammer gave in, and they discussed terms over Telegram.

The scammer converted the wBTC to ETH, and we can now see over $66 million worth of ETH in the victim's account. It's going to be interesting to see if the owner will keep their promise and not pursue the scammer and try to identify them, depending on how the remaining coins move.

Full story here:
https://cryptopotato.com/71m-wbtc-dusting-attack-victim-recovers-stolen-loot/

I am pretty sure that there is a large enough group of people that do it for it to be worth the time and effort for scammers to come up with schemes like address poisoning. If that wasn't the case, you wouldn't have people like this guy who lost millions. Besides, people lose hundreds of millions yearly on different crypto scams. A good amount from that isn't due to hacking, but social engineering scams they fall victims to.

I see if thats the case then its kinda dangerous. Good thing I am always copying from my own wallet either from app or something safe. Does anybody used a wallet from a transaction and copied it? Maybe he is just unlucky to use that from the explorer when checking his transaction but really too bad on his side.

It doesn't have to be fake coins and tokens. In the example of the person who lost tens of millions of dollars in wBTC, he didn't receive fake tokens. He received a 0-value ETH transaction because the Ethereum network allows it. That transaction now shows up at the top of their wallet's transaction history. If they make a mistake and copy the address from there, thinking it's a different one, they will send their coins to a scammer.

Don't take shortcuts and you should be fine. These scams are successful because people are lazy to do things right.   

I see thats why there are some few transactions sent to our address. Anyway as long as we dont interact with these fakes coins or tokens that we knew we didnt sign up or do will be safe but sometime with clutters on our wallet we likely seen some of these and thought of it as legit.

Too many same name coins I received from to my wallet and obviously they are fake cause it can be seen on our wallets as flagged scam sometimes.

Dust attacks and address poisoning scams serve different purposes. Dust attacks are a means of trying to identify the users behind certain addresses by having them spend or consolidate the dust together with other coins in addresses connected to a verified identity. It's not a scheme to steal and scam people. Poisoning attacks are exactly that, a scheme to trick people and steal from them.    

That's not very likely to happen. These altcoins are account-based, not UTXO-based. Like I said previously, it's very likely you are using the same altcoin address for all your tokens. You can't freeze 1 cent of unwanted ETH in an address that holds the rest of your ETH.

This is a good info actually, not everyone  using  a wallet is aware of this besides we have alot of visitors who might need it amd even some users. I know people see it to be so dump to copy address from history but what you think might be so dumb to you, some still do it because they are ignorant  of it.
However I feel this is like a younger sibling   to dust attack although they both have the word "dust" involve .
In my view actually, this address  poisoning can also serve as dust attack  so far the user only needs to spend the coin sent with or without additionals... extra measures could be taken on addresses poisoning transaction like placing the new coin or new token address under coin control by not spending it or freezing the address entirely if there's choice for multiple adress .

Tell your friend to not use transaction histories for information about destination addresses. He may never run into problems, but it could also happen the next time he does it. I see no reason to gamble like that.

There is no reason why poisoning scams couldn't be used in Bitcoin and against Bitcoin users. But there a few reasons why they are less effective:

1. They cost more. Compared to Ethereum, Polygon or BSC, you have to pay more in fees to transfer Bitcoin. It might be enough to pay a few cents on alternative networks, but you may need $1 or $2 for bitcoin and maybe much more.

2. Bitcoin has a dust threshold. There is a minimum amount of satoshis that you have to send, which is known as the dust limit. I think 0-value outputs were possible on the Bitcoin network in the past but not anymore. Or, if they are, they are non-standard. Many alternative chains allow 0-value transactions.

3. Bitcoin isn't account-based. With Ethereum, Tron, etc., you have one account for the native coins and you use the same account for all your tokens. With Bitcoin, you have outputs spread across multiple addresses. Address reuse isn't popular for privacy reasons. Also, it doesn't save you any money to use the same address over and over again. You can't target a Bitcoin address as easy in an attempt to fool the user like you would for those alternative chains. If you and me did some trades, I would give you a new BTC address every time. But if we used ETH, all transactions would probably go into the same address even if its tokens and not the native coin.   

4. It's harder to generate similar-looking Bitcoin addresses. I am not an expert in this topic, but I think it takes more computational power to generate a similar-looking Bitcoin address compared to an Ethereum one, for example. And it gets exponentially harder the more unique custom characters you want. It's also close to impossible to make the last characters identical (like in the example of the person who lost +$70 million) because there is a checksum.   

When you need $10 for each address you try to lure into this scam it suddenly becomes really expensive to launch such an attack, plus the lack of activity, on BTC people don't deal with the other 100 confusing tokens and airdrops.
There are cases of the same kind of attacks with BTC but it's all a matter of how profitable they are.


It's just 70 million, let me copy the address from the history, not check it once more, what could get wrong, it's not like it's such a big sum anyhow, right? Probably the spammers are just as surprised as him.

Asking on behalf of a friend, is this address poisoning possible on a Bitcoin wallet? He is still copying addresses from his wallet transaction history, I want to know but I do tell him it's a bad practice, it is always better to copy from the receiver, either exchange or receivers themselves rather than your transaction history.

I was once a victim of this scam too, I lost a lot of money but after a few days I was able to get over the pain and learn my lesson, this happened on my Ethereum wallet though and I have always heard about Tron too but not Bitcoin.

The original topic of this thread also doesn't include Bitcoin in the list, maybe thats the case? I will be waiting for someone to reply me on this, maybe this address poisoning is only possible on smart contract-based blockchain projects.

An address poisoning scam involving wrapped bitcoin (wBTC) on the Ethereum network resulted in a victim losing over 1155 wBTC, worth $74 million currently. The scam happened on 3 May.

A little earlier, the victim received a 0-value transaction that was recorded in their transaction history. This transaction came from an address that had similar characters at the beginning and the end to the address the victim wanted to send the tokens to. Both addresses begin with "0xd9A1" and end with "853a91."

The victim wasn't careful and didn't check the whole address they were sending to. They probably copied the receiving address from their transaction history and ended up sending a fortune to a scammer.
It's a good lesson for everyone reading this. Don't be in a hurry, and take your time. Check the transaction data once or twice, and when you are sure everything is correct, check it a third time.


Read more about it here:
https://cryptopotato.com/costly-mistake-victim-loses-68-million-in-address-poisoning-scam/

Yes, they are vanity addresses. You can use your computational power to create a custom address for you. Of course, you can't customize the entire address, just a few characters. That's how it is for Bitcoin and I assume for other cryptocurrencies as well. Depending on the quality of your hardware, it can take a few seconds, minutes, or hours to create a custom vanity address with a few unique characters.

But I wouldn't play around with those. You will probably be reusing them, and you shouldn't for privacy reasons. There have also been various scams with fake vanity address generators.

How are these identical addresses are created?

I am not a crypto expert, so I don't know how creation of address works. Can we actually choose numeric numbers and alphabets of a address when we create them? Not all but the starting and ending part. I was just reading a topic of this address poisoning. And there was a mention of this thing "similar vanity address" (Address poisoning scams). I knew that seed phrase could be chosen manually, but now I see address could be also. I could be wrong though. Need some clarity here.

They could easily generate addresses on an open source using the profanity address generator, but there are I think vanity address generators, I think they could generate a custom prefix and suffix. They can generate a lot of addresses when I take a lot on how profanity works. There are issues I think on profanity where it could generate an address that is already owned by other users, but it was already abandoned by the creator because of the exploits.

We are all guilty of just looking at the first four or last character, I guess it is also possible on the Bitcoin network since you could just send micro-transactions as well.

My guess is that if you clicked on the confirm button, Binance would start checking your transaction data. They would look if you have the needed amount of coins in your wallet and that you are sending the BTC to a valid address. The entered address wouldn't pass the test. 1EZJTPt5thSBE8XaMGHHrePAt53DcQxdBg is a normal BTC address, 1EZJTPt5thSBE8XaMGHHrePAt53DcQxdBh is an invalid one. You can check that on any blockchain explorer. Enter the first one, and it will show you its transaction history. But for the second one, the site will tell you that the address doesn't exist or is invalid (depending on what type of error the service was configured to show).

You can easily check that with a software or hardware wallet. The client shouldn't allow you to create the transaction using the 2nd addy. When you send BTC through Ledger Live, the first step is entering the receiving address. When you enter a correct one, the continue button gets enabled. Paste a non-existing one and you won't be able to click on continue, and an error message informs you that you made a mistake.

Don't take my word for it, but I think it was nothing at all over Tron. You would get 0 USDT, for example. Nothing else.