What is “address poisoning” and how to protect yourself from it?

Cryptocurrency holders are encouraged to take a closer look at the public addresses to which they will transfer their cryptocurrencies.

A scam is growing in the crypto universe and you better watch out. Its name: “address poisoning” or public address poisoning.

Public Address vs. Private Address

Before we explain this type of fraud, let’s remember the difference between a public address and a private address. A private address is a sequence of characters that must remain confidential, which allows a user to perform transactions (sending cryptocurrency, etc.). Only so-called cold or hot wallets allow users to hold their private keys and thus their cryptocurrencies. In contrast, crypto exchange platforms hold the private keys of users who therefore do not hold their own cryptos.

In turn, a public address is a random sequence of numbers and letters that can be compared to a RIB in France. A user can own multiple public addresses, with each address associated with a cryptocurrency owned. A user will be able to send a public address to a recipient to receive cryptos at this address. These addresses can also be consulted on blockchains (Ethereum, Bitcoin, etc.). The two addresses (public and private) work together to complete a transaction.

Extended addresses

When a person uses a crypto wallet (wallet), he can maintain several public addresses to which he can transfer cryptocurrencies. Thus, to make a transfer from an account A to an account B (platform to wallet, wallet to wallet, etc.), a manipulation consists in “copying” the public address to which cryptocurrencies can be transferred and “pasting” the her. from the medium you want to transfer from. At that time, any informed user will check that the copied-pasted address remains identical. However, since this address is very long and difficult to remember, some users may fall into traps.

A public address looks like a sequence of letters and numbers like this: 2A1xyzeTBFMCrypto65FRD78CffftFRdXsstxddX

By now, we already knew about this kind of fraud. Your computer is infected by a virus and you do a copy-paste that causes you to paste the public address of a scammer. We know less about this new type of fraud called “address poisoning”.

Generally, when a user wants to make a quick transfer using copy-paste, he mainly looks at the first 5 and last 5 characters of his public address. “It’s this tendency that addresses poisoning exploits,” the digital wallet explained Thursday. MetaMask.

Address poisoning is where fraudsters “send worthless transactions to your account from an address very similar to yours. They hope that you will inadvertently copy that address into your transaction history in the future,” it read.

The result: a simple carelessness can lead you to transfer your coins to a scammer’s public address. How to protect yourself from such a threat? MetaMask remembers a basic.

“There is no way to prevent people, including fraudsters, from sending transactions to your address,” since those addresses are public on blockchains.

On the other hand, faced with this phenomenon, MetaMask advises to take the time to check if the public address to which you are transferring cryptocurrencies is identical to your address (even if it is longer than just looking at the first and last 5 characters). Similarly, it is advisable to avoid copying and pasting from transaction history, where malicious addresses can sneak in.

Leave a Comment