MetaMask has reported an increase in address poisoning attacks. Let’s take stock of this fraud, which is all about inattention, as well as the means to protect yourself against it.
What is address poisoning?
MetaMask wallet support alerted the community to the phenomenon of “the poisoning addressor skill poisoning in French, which tends to spread. Its concept is simple: take advantage of an investor’s inattention to steal his cryptocurrencies.
A new scam called ‘Address Poisoning’ is on the rise. Here’s how it works: after you send a normal transaction, the scammer sends a $0 token txn, ‘poisoning’ the txn history. (1/3)
— MetaMask Support (@MetaMaskSupport) January 11, 2023
To carry out his attack, a malicious person fetches addresses that often exchange funds. This may be a sign that only one person has address A and address B, and that they regularly migrate cryptocurrencies between the two.
The attacker then creates an address similar to address A or B thanks to a “vanity” address generator. This type of software makes it possible to generate a private key, for a public address containing certain specific characters.
For example, let’s choose a completely arbitrary address on Etherscan: 0x8e7Ec153f5362f71083eF0Fd5784dc082c07404D. Imagine that a hacker wants to target this address, which we will call “address A”, he could then seek to create an address containing the same last four characters, on a service like “Vanity-ETH”. Indeed, it is generally easier to remember the end or the beginning of an address rather than its complete alphanumeric sequence:
Private key generated with a personalized address thanks to Vanity-ETH
With this new address, the hacker will then send a small amount of cryptocurrency to the targeted addressnamely “address B”, so that the fraudulent address appears in the history of its future victim, reminiscent of address A.
During its next exchanges from address B, it will suffice that the target mechanically copies the fraudulent address into its transaction historythinking it has copied address A, so that it then sends its funds on its own to the attacker.
👉 To go further – Find our guide on best practices to limit the risk of hack
The best way to secure your cryptocurrencies 🔒
🔥 The world leader in crypto security
👉 Listen to this article and all other crypto news on Spotify
How to protect against such attacks?
To date, there is, a priori, not possible to block incoming transactions on a public blockchain such as Ethereum (ETH). This means that everyone can see their addresses polluted withaddress poisoning. Faced with this observation, the best defense remains vigilance.
Most wallets such as Frame or MetaMask in particular, or Keplr to take an example with the Cosmos ecosystem (ATOM), allow you to copy an address directly from the application. This facility avoids having to look for an address in its transaction history and risk being trapped.
If it proves necessary to search in the said history to find an address, it will then be necessary to make 100% sure it’s the right one.
The use of personalized addresses was also used in the Convex (CVX) DNS attack in June 2022, where smart contracts were replaced on the website by the hacker, in favor of his own vanity addresses.
An attempt at fraud, apparently as simple asaddress poisoningtherefore recalls that very often, the main flaw in a system remains the human factor.
👉 Also in the news – Godfather: the virus that would target 400 banking and cryptocurrency applications
Progress in the world of cryptocurrencies with Cryptoast experts 📘
Source: MetaMask
Newsletter 🍞
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky in nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.