Topic: What are Address Poisoning Scams? (Read 552 times)

Yes, they are vanity addresses. You can use your computational power to create a custom address for you. Of course, you can't customize the entire address, just a few characters. That's how it is for Bitcoin and I assume for other cryptocurrencies as well. Depending on the quality of your hardware, it can take a few seconds, minutes, or hours to create a custom vanity address with a few unique characters.

But I wouldn't play around with those. You will probably be reusing them, and you shouldn't for privacy reasons. There have also been various scams with fake vanity address generators.

How are these identical addresses are created?

I am not a crypto expert, so I don't know how creation of address works. Can we actually choose numeric numbers and alphabets of a address when we create them? Not all but the starting and ending part. I was just reading a topic of this address poisoning. And there was a mention of this thing "similar vanity address" (Address poisoning scams). I knew that seed phrase could be chosen manually, but now I see address could be also. I could be wrong though. Need some clarity here.

They could easily generate addresses on an open source using the profanity address generator, but there are I think vanity address generators, I think they could generate a custom prefix and suffix. They can generate a lot of addresses when I take a lot on how profanity works. There are issues I think on profanity where it could generate an address that is already owned by other users, but it was already abandoned by the creator because of the exploits.

We are all guilty of just looking at the first four or last character, I guess it is also possible on the Bitcoin network since you could just send micro-transactions as well.

My guess is that if you clicked on the confirm button, Binance would start checking your transaction data. They would look if you have the needed amount of coins in your wallet and that you are sending the BTC to a valid address. The entered address wouldn't pass the test. 1EZJTPt5thSBE8XaMGHHrePAt53DcQxdBg is a normal BTC address, 1EZJTPt5thSBE8XaMGHHrePAt53DcQxdBh is an invalid one. You can check that on any blockchain explorer. Enter the first one, and it will show you its transaction history. But for the second one, the site will tell you that the address doesn't exist or is invalid (depending on what type of error the service was configured to show).

You can easily check that with a software or hardware wallet. The client shouldn't allow you to create the transaction using the 2nd addy. When you send BTC through Ledger Live, the first step is entering the receiving address. When you enter a correct one, the continue button gets enabled. Paste a non-existing one and you won't be able to click on continue, and an error message informs you that you made a mistake.

Don't take my word for it, but I think it was nothing at all over Tron. You would get 0 USDT, for example. Nothing else.

Isn't it micro transactions? like, for example, sending 0.000001 TRX is it possible to receive nothing in a wallet by just paying fees? I think it wouldn't register on your transaction history if it doesnt have value.


I think they are using tools like a profanity address generator, which could generate a custom prefix and suffix.

Tested this on binance and binance doesn't seem to warn the users in this case. Just used a random address.

Correct address : 1EZJTPt5thSBE8XaMGHHrePAt53DcQxdBg
Wrong address : 1EZJTPt5thSBE8XaMGHHrePAt53DcQxdBh

Replaced the last character alone and binance accepted it. I didn't proceed with the payment authentication but do you think they would have warned us after the authentication ?

Bitcoin addresses (I assume similar rules apply to the addresses of other cryptocurrencies) have a 4-byte checksum in the end. That number sequence protects against making copy/paste mistakes with addresses. Take a BTC address, paste it into your wallet software and change one of its characters, and the software will tell you that the address is invalid or non-existing. And you can't send to such an address, maybe not even with the worst type of wallet. More than only one character would have to change for the checksum to be OK: 

No it's definitely very hard to get more than 20 similar characters but there are two things to consider

1. May be the scammer can get 8 characters same i.e. the first 4 and last 4 characters.
Many people just check the first few and last few characters but tend to avoid the middle ones.

2. Just one different character is enough to send the amount to a different address.
May be we made a mistake in copy pasting or something but even if one character is wrongly entered then there are possibilities that the amount will be lost.

As for checking every character manually part it's quite easy. I have a strong short term memory and can remember 5-6 characters at once immediately.
So I verify the address 5 characters at a time and the whole address is verified by every character in not more than 30 seconds.
Would you risk your BTC for 30 seconds or lets say 1 minute ?

I don't think they can duplicate 20. But the problem is, if you check only the first 3-4 and the last 3-4, how are you going to know if the rest matches or not?

I can't remember the thread where this was discussed but it was probably in the technical Bitcoin boards. Someone created a discussion showing that scammers can match more than the usual couple of starting and ending characters in a bitcoin address from a huge pool of already generated addresses. I don't think it was used in a scheme to scam someone, but to show the current capabilities. Doublechecking only a few characters in the beginning and end is getting less and less safe. Do more for your own safety. 

The scammers didn't send anything at all. The transactions were empty, they only paid the network fees.

I'm just curious on this one.

Is it possible on the tron network that they can generate these type of wallet addresses so, this is like vanity addresses? where the first and last addresses can be modified depending on what are the characters they want to generate?

Honestly, I'm guilty on this one that I just look at the first and last characters of my addresses but this is for bitcoin and not with tron or any other altcoin.

I am quite confused here, actually i read a post of Becassine in which he was sharing that his money did not reflected in his wallet and then i read another post of Ale88 that he also faced the same issue, it just shaken me up because i have few dollars in mine (hahaha) i know those are less but for me every penny matters. So new posts were coming regarding to this issue, actually i did not read the whole story, i thought both didn't received the money but they did, it just did not reflected in their wallets, What type of attack is this because i can see from December "Address Poisoning" is on top, How are these attackers are able to generate such customized addresses similar to ours.

I am just confused now that, are these two are different type of attacks, because i have less knowledge about attacks on BTC wallets or any other hot wallet. Because Charles-Tim's mentioned the same issue of Trust wallet on this topic of Address Poisoning, are these the same thing?

Note*TBH this thread was of great knowledge to me, i learn two things one is Address Poisoning and second is Dust attacks, actually i spent no time on learning about these attacks before.

There were a lot of these cases on the TRON network, sending a small amount of Tron to wallets, scammers creating a similar address copying some of the first or last characters of the address hoping that the user will get lazy since we sometimes use to just checking the first few or last characters on our address.

The best thing to do is to follow best practices when sending our coin or when receiving tokens. Copying addresses without even checking them is one of the worst things that we can do.

I have seen some people get scammed up to 25k$ and it's actually very cheap to make this transaction by sending multi transactions to multiple users, But as long as we are aware of these scams the chances As long as we are aware of this scams the probability of getting scam plummets to a lower percentage.

How do you do that, man? I have never been that patient to check all the alphabet from an address to make sure I'm not going to be scammed. Well, I usually check a few first and last characters, and most of the time, if the address is a used one, I check with the blockchain explorer to identify the address from the transaction history lol. That's far easy I think than checking every character manually.
What's the chance that a scammer can generate almost the same address through a vanity search? Maybe it's possible to have the same address for a few characters but is it possible to have a similar address of mine with a similarity of more than 20 characters for example?

You are probably talking about dust attacks on the Bitcoin network. That's when spammers and scammers send just enough satoshis to be above the dust limit hoping you will consolidate the coins you receive together with other UTXO that might help in identifying who you are. The goal with address poisoning scams is different as explained in the OP.

Keep doing that. Better be safe than sorry. That one minute you saved because you were in a hurry can potentially get you in trouble.

I did know that scammers make near to zero transactions to many different addresses but I had heard that they do it for tracking the addresses.
I always wondered what could be the reason someone would track the addresses but I guess the real reason is what OP has mentioned in his post.
Copying addresses is where many people in crypto community have made mistakes and lost their coins.
I have a general practice to copy the address from wallet and reverify every alphabet of the address after pasting.
It hardly takes a minute but saves us our precious coins.

Tron's governance update from a few weeks ago that bumped the network fees by up to 50% in some cases seems to have stopped these address poisoning schemes. Or it wasn't financially rewarding enough for the scammers to keep going. Do any users of alternative chains still see these malicious transactions in their wallets?

Bitcoin's blockchain was never the primary target for this. With the introduction of Bitcoin Ordinals, which increased the average mining fees, it's even less likely we will see something like this on Bitcoin.

Many people are still way too gullible to use the internet, let alone bitcoin or any other cryptocurrency. 

Yeah, that's pretty much it. The scammer wants you to copy his address that will pop up at the top of your transaction history in your wallet or do the same thing using a blockchain explorer.

I am sure the addresses are monitored by a bot or smart contract maybe. The fake transaction sometimes gets broadcasted 15-20 seconds after a legitimate one. The scammers want their entry to be the first you see in your wallet.

Yeah, that's not going to work yet. I should probably not say this, but it doesn't matter. Water under the bridge already. Back when smartphones started becoming a thing, I helped a close family member to get acquainted with her phone. An older lady, let's keep it at that. I realized she would need some time to figure it all out, but I never imagined what would happen. A few weeks later, she calls me to ask if I can help her get rid of something on her phone. When I get there, I see her phone has been bombarded with SMS messages from someone/something. She kept receiving new offers to contact a "girl" because the girl has heard that she can keep it up and go for hours. I am not making this up. It was both funny and sad at the same time. She couldn't even remember what she clicked on that got her into that situation, or she was ashamed to say.

I still think it has to be way more than this to fall for this trap! Way more! Add unfit-to-own crypto to the list or something like that!
I mean seriously, who will look at the addresses and see that it has received some coins from x and instead of sending to his normal dress will just copy-paste x? Is this all that this "attack does" (copied from your links)?


What are the chances of this actually happening, let's forget the laziness, stupidity whatever, but not only this it will still need another thing, for the victim to not receive any other transaction to his wallet until he decides to send some coins out.

Furthermore, this whole thing is just ridiculous:



In the example of the article, the victim sends the transaction to an address that starts with 0x61, completely different than any address in the wallet or that has been used before,  I don't think that there is anybody who checks the last characters first and then simply decides to send while the first two are obviously not the same.

Just as you said I don't know how lucrative this would be on a different chain, probably on BNB or other networks it might work, on BTC fees will kill this spam immediately. Still, $1.5 million? Losing faith the whole be your own bank thing would work in this world!

Stupidity, laziness, being in a hurry, being careless... people use different excuses and justifications for why something bad happened to them. I have even heard someone say it's the network's fault for allowing such near-zero transactions to be recorded in the first place. Beginners and newbies are the primary targets, and since the scammers have earned over $1.5 million already (minus the costs for broadcasting the transactions), it's obviously working to some extent.     

Let no one be offended, but how stupid do you have to be to copy a coin address from a list of transactions, and still blindly believe that it is your address? In addition, in most cases (whenever possible) for privacy reasons, it is recommended to use new addresses, but I believe that many people are not even aware that they can have an unlimited number of coin addresses, because they might compare it to opening a bank account.

However, as we can see, this is aimed more at altcoins users than Bitcoin users, and it seems to me like a fairly trivial scam that only relatively inexperienced users can fall for.