Topic: What are Address Poisoning Scams? - page 2. (Read 838 times)

Isn't it micro transactions? like, for example, sending 0.000001 TRX is it possible to receive nothing in a wallet by just paying fees? I think it wouldn't register on your transaction history if it doesnt have value.


I think they are using tools like a profanity address generator, which could generate a custom prefix and suffix.

Tested this on binance and binance doesn't seem to warn the users in this case. Just used a random address.

Correct address : 1EZJTPt5thSBE8XaMGHHrePAt53DcQxdBg
Wrong address : 1EZJTPt5thSBE8XaMGHHrePAt53DcQxdBh

Replaced the last character alone and binance accepted it. I didn't proceed with the payment authentication but do you think they would have warned us after the authentication ?

Bitcoin addresses (I assume similar rules apply to the addresses of other cryptocurrencies) have a 4-byte checksum in the end. That number sequence protects against making copy/paste mistakes with addresses. Take a BTC address, paste it into your wallet software and change one of its characters, and the software will tell you that the address is invalid or non-existing. And you can't send to such an address, maybe not even with the worst type of wallet. More than only one character would have to change for the checksum to be OK: 

No it's definitely very hard to get more than 20 similar characters but there are two things to consider

1. May be the scammer can get 8 characters same i.e. the first 4 and last 4 characters.
Many people just check the first few and last few characters but tend to avoid the middle ones.

2. Just one different character is enough to send the amount to a different address.
May be we made a mistake in copy pasting or something but even if one character is wrongly entered then there are possibilities that the amount will be lost.

As for checking every character manually part it's quite easy. I have a strong short term memory and can remember 5-6 characters at once immediately.
So I verify the address 5 characters at a time and the whole address is verified by every character in not more than 30 seconds.
Would you risk your BTC for 30 seconds or lets say 1 minute ?

I don't think they can duplicate 20. But the problem is, if you check only the first 3-4 and the last 3-4, how are you going to know if the rest matches or not?

I can't remember the thread where this was discussed but it was probably in the technical Bitcoin boards. Someone created a discussion showing that scammers can match more than the usual couple of starting and ending characters in a bitcoin address from a huge pool of already generated addresses. I don't think it was used in a scheme to scam someone, but to show the current capabilities. Doublechecking only a few characters in the beginning and end is getting less and less safe. Do more for your own safety. 

The scammers didn't send anything at all. The transactions were empty, they only paid the network fees.

I'm just curious on this one.

Is it possible on the tron network that they can generate these type of wallet addresses so, this is like vanity addresses? where the first and last addresses can be modified depending on what are the characters they want to generate?

Honestly, I'm guilty on this one that I just look at the first and last characters of my addresses but this is for bitcoin and not with tron or any other altcoin.

I am quite confused here, actually i read a post of Becassine in which he was sharing that his money did not reflected in his wallet and then i read another post of Ale88 that he also faced the same issue, it just shaken me up because i have few dollars in mine (hahaha) i know those are less but for me every penny matters. So new posts were coming regarding to this issue, actually i did not read the whole story, i thought both didn't received the money but they did, it just did not reflected in their wallets, What type of attack is this because i can see from December "Address Poisoning" is on top, How are these attackers are able to generate such customized addresses similar to ours.

I am just confused now that, are these two are different type of attacks, because i have less knowledge about attacks on BTC wallets or any other hot wallet. Because Charles-Tim's mentioned the same issue of Trust wallet on this topic of Address Poisoning, are these the same thing?

Note*TBH this thread was of great knowledge to me, i learn two things one is Address Poisoning and second is Dust attacks, actually i spent no time on learning about these attacks before.

There were a lot of these cases on the TRON network, sending a small amount of Tron to wallets, scammers creating a similar address copying some of the first or last characters of the address hoping that the user will get lazy since we sometimes use to just checking the first few or last characters on our address.

The best thing to do is to follow best practices when sending our coin or when receiving tokens. Copying addresses without even checking them is one of the worst things that we can do.

I have seen some people get scammed up to 25k$ and it's actually very cheap to make this transaction by sending multi transactions to multiple users, But as long as we are aware of these scams the chances As long as we are aware of this scams the probability of getting scam plummets to a lower percentage.

How do you do that, man? I have never been that patient to check all the alphabet from an address to make sure I'm not going to be scammed. Well, I usually check a few first and last characters, and most of the time, if the address is a used one, I check with the blockchain explorer to identify the address from the transaction history lol. That's far easy I think than checking every character manually.
What's the chance that a scammer can generate almost the same address through a vanity search? Maybe it's possible to have the same address for a few characters but is it possible to have a similar address of mine with a similarity of more than 20 characters for example?

You are probably talking about dust attacks on the Bitcoin network. That's when spammers and scammers send just enough satoshis to be above the dust limit hoping you will consolidate the coins you receive together with other UTXO that might help in identifying who you are. The goal with address poisoning scams is different as explained in the OP.

Keep doing that. Better be safe than sorry. That one minute you saved because you were in a hurry can potentially get you in trouble.

I did know that scammers make near to zero transactions to many different addresses but I had heard that they do it for tracking the addresses.
I always wondered what could be the reason someone would track the addresses but I guess the real reason is what OP has mentioned in his post.
Copying addresses is where many people in crypto community have made mistakes and lost their coins.
I have a general practice to copy the address from wallet and reverify every alphabet of the address after pasting.
It hardly takes a minute but saves us our precious coins.

Tron's governance update from a few weeks ago that bumped the network fees by up to 50% in some cases seems to have stopped these address poisoning schemes. Or it wasn't financially rewarding enough for the scammers to keep going. Do any users of alternative chains still see these malicious transactions in their wallets?

Bitcoin's blockchain was never the primary target for this. With the introduction of Bitcoin Ordinals, which increased the average mining fees, it's even less likely we will see something like this on Bitcoin.

Many people are still way too gullible to use the internet, let alone bitcoin or any other cryptocurrency. 

Yeah, that's pretty much it. The scammer wants you to copy his address that will pop up at the top of your transaction history in your wallet or do the same thing using a blockchain explorer.

I am sure the addresses are monitored by a bot or smart contract maybe. The fake transaction sometimes gets broadcasted 15-20 seconds after a legitimate one. The scammers want their entry to be the first you see in your wallet.

Yeah, that's not going to work yet. I should probably not say this, but it doesn't matter. Water under the bridge already. Back when smartphones started becoming a thing, I helped a close family member to get acquainted with her phone. An older lady, let's keep it at that. I realized she would need some time to figure it all out, but I never imagined what would happen. A few weeks later, she calls me to ask if I can help her get rid of something on her phone. When I get there, I see her phone has been bombarded with SMS messages from someone/something. She kept receiving new offers to contact a "girl" because the girl has heard that she can keep it up and go for hours. I am not making this up. It was both funny and sad at the same time. She couldn't even remember what she clicked on that got her into that situation, or she was ashamed to say.

I still think it has to be way more than this to fall for this trap! Way more! Add unfit-to-own crypto to the list or something like that!
I mean seriously, who will look at the addresses and see that it has received some coins from x and instead of sending to his normal dress will just copy-paste x? Is this all that this "attack does" (copied from your links)?


What are the chances of this actually happening, let's forget the laziness, stupidity whatever, but not only this it will still need another thing, for the victim to not receive any other transaction to his wallet until he decides to send some coins out.

Furthermore, this whole thing is just ridiculous:



In the example of the article, the victim sends the transaction to an address that starts with 0x61, completely different than any address in the wallet or that has been used before,  I don't think that there is anybody who checks the last characters first and then simply decides to send while the first two are obviously not the same.

Just as you said I don't know how lucrative this would be on a different chain, probably on BNB or other networks it might work, on BTC fees will kill this spam immediately. Still, $1.5 million? Losing faith the whole be your own bank thing would work in this world!

Stupidity, laziness, being in a hurry, being careless... people use different excuses and justifications for why something bad happened to them. I have even heard someone say it's the network's fault for allowing such near-zero transactions to be recorded in the first place. Beginners and newbies are the primary targets, and since the scammers have earned over $1.5 million already (minus the costs for broadcasting the transactions), it's obviously working to some extent.     

Let no one be offended, but how stupid do you have to be to copy a coin address from a list of transactions, and still blindly believe that it is your address? In addition, in most cases (whenever possible) for privacy reasons, it is recommended to use new addresses, but I believe that many people are not even aware that they can have an unlimited number of coin addresses, because they might compare it to opening a bank account.

However, as we can see, this is aimed more at altcoins users than Bitcoin users, and it seems to me like a fairly trivial scam that only relatively inexperienced users can fall for.

the EVM chain is become one biggest targets for scammers, to be honest, I just heard this today from you. I actually like playing with DeFi on EVM chain so many dapp there the fee is cheap rather than bitcoin.

and there is type of scam till this day that fake token send to your address when you try to sell it boom your money is gone so please beware guys add more tips dont do any approval in new dapp that u dont hear it before, and if u still want do transaction read carefully what the smart contract asking for and revoke the access when you are done

That's true when we are talking about Bitcoin. With account-based networks like Tron or Ethereum you always reuse the same receiving address, unless, of course, you want to use multiple accounts. But using multiple accounts also requires that they are all funded with the native tokens - TRX on Tron accounts or ETH on Ethereum accounts. Luckily, Bitcoin doesn't have those problems because pay your fees in the same asset you are transacting with.   

With the publicity that dust transactions have received over the years, one would think that people would be wary of small insignificant transactions showing up in their wallets and also be more careful when creating a transaction, actually crosschecking that they copied it from the right source and that the entire address corresponds, not just skimming through the first and last characters.

"Safety Measures and What to do Next"
In addition, when possible users should not reuse addresses. Always generating a new unused address each time you are receiving crypto could prove useful.

- Jay -

The first time I heard about this scam method was in connection with Tron and Tron-based tokens.It might have started there and then expanded to other networks.

Ethereum's gas recommendations were several hundred gwei at times in the past while Ethereum was still on POW. They don't reach those numbers anymore and go as low as 5-15 gwei more recently. So, it's much cheaper to spam the Ethereum network now compared to that it was like before.

Don't forget that the scammers attempting these schemes have to pay transaction fees just like anyone else transacting over those blockchains. It's not going to be successful unless the fake address matches that of the victim for the first and last couple of characters. Bitcoin has been spared so far probably because more computational power is required to generate look-alike addresses compared to other blockchains. But who knows what the future might bring.