Topic: What are Address Poisoning Scams? - page 3. (Read 838 times)

Alert to Trust Wallet users: There's an ongoing address spam, be more cautious.

I got scammed out of 100000 dollars by fake 0 dollars withdrawal on BSC

This even happened to me last month with USDT TRC20 transaction. But I always copy from recipient address which makes the scam not possible to happen to me. Even if I want to send to myself, I copy address from the address list on my wallet, not from previous transaction or transaction history. But it was obvious for me that the zero transaction was not mine.

ERC20 transactions may not have cheap fee, even bitcoin transaction that people think it has high fee can be of cheap fee, bitcoin mempool is always not congested most of the time since many months ago, more than a year or 2 now. But this has not been experienced on bitcoin blockchain.

Someone sent ERC20 from my cold storage

Many of you have probably heard, and some have even experienced address poisoning scams. It's a relatively new type of fraudulent scheme, which has become popular in the last 30-40 days. It appears on blockchains with cheap transaction fees, allowing scammers to send many low-cost transactions. I have not read about cases where this affected the Bitcoin network, but it’s still worth knowing about just in case you experience it in your BTC wallet in the future. Hardware wallet manufacturers, like Ledger have reported that scammers are targeting their users as well. So, stay alert.   

What is Address Poisoning, and How Does it Work?

This scam works by sending potential victims small (near-zero) crypto transactions. You will see a new entry in your transaction history when that happens. The address that sends the coins/tokens will look similar to yours. The first and last two to four characters will be identical.

The scammer wants to make you think that this is your own address. So, you copy it from your transaction history when sending coins to yourself or give it to a different party to pay you. In that case, the funds will be transferred to the fraudster and not to you. 

On which Blockchains is Address Poisoning Common? 

Users of the following blockchain networks have already experienced address poisoning in one way or the other:

1.   Tron
2.   Binance Smart Chain
3.   Polygon
4.   Ethereum
5.   Maybe others

Safety Measures and What to do Next

If you were a victim of address poisoning, there are no reasons to panic. No one is targeting you personally. Fraudsters prey on those who make frequent transactions and move significant sums of money.

Your coins aren't at risk. Your private keys/seed hasn't leaked, and no one has gained control of your addresses, no matter the transaction history. There is no protection against address poisoning, per se, because you can't restrict someone from sending you crypto. It's safe to use those coins as well. 

There are a few things you should always do to stay safe when sending and receiving crypto:


•   Never copy addresses from your wallet's transaction history.
•   Never copy addresses from a blockchain explorer.
•   Always generate or copy addresses from your wallet's receive or addresses tab.
•   When sending coins elsewhere, copy the address from the source/destination.
•   If you are transferring crypto to a different person, ask the other party for the correct address.
•   Verify the full address, not just the first and last couple of characters.
•   If you use a hardware wallet, ensure the address in your software matches the one shown on your device's screen.   
•   Be prepared to double and triple-check if needed because cryptocurrency transactions are irreversible. So, once your money is gone, it's lost forever. As can be seen, it's better to spend an extra minute checking what you are doing than regretting you didn't.


For more information on address poisoning scams, take a look at these sources:

Beware Of Address Poisoning Scams
Address Poisoning Attack, A Continuing Threat
SlowMist: Another Airdrop Scam, but with a twist