Cryptocurrency security remains a top concern, especially in the early stages of blockchain technology development. As the crypto space evolves, malicious actors continue to exploit vulnerabilities, posing risks to both inexperienced investors and seasoned traders. In this article, we will explore the concept of address poisoning and discuss a recent surge in spam transactions, shedding light on how crypto users can protect themselves in this evolving landscape.
Address Poisoning: A Hidden Threat
Address poisoning is a relatively new scamming technique that leverages the complexity of cryptocurrency addresses to deceive users. Unlike more destructive scams, such as phishing attacks, upgrade scams, and investment frauds, address poisoning doesn't immediately drain your wallet, but it can still erode your resources over time.
Address poisoning operates by sending small amounts of cryptocurrency or NFTs from an address that closely resembles the victim's own. The malicious actor hopes the user will inadvertently copy this deceptive address for future transactions, thinking it's their own. This results in funds being sent to the scammer's address instead of the intended recipient.
Crypto addresses are typically long strings of alphanumeric characters, making them challenging to memorize. Hackers utilize open-source tools like Profanity to generate look-alike addresses, taking advantage of users' tendencies to check only the first and last characters. This oversight becomes the scammer's opportunity.
To avoid falling victim to address poisoning, it's imperative to double-check your address before initiating any transaction. Lazy or rushed users are more susceptible to this type of attack. Address poisoning has been observed on blockchains like Polygon, Binance Smart Chain, and Tron, where low transaction fees make it cost-effective for scammers to execute such schemes. However, it's important to note that address poisoning incidents have also occurred on the Ethereum blockchain.
A recent example involved Arbitrum, an Ethereum layer 2 scaling solution. Over 630 wallet addresses fell victim to address poisoning, resulting in a loss of 933,365 ARB tokens. The attacker exploited a malicious ARB token contract and paired it with a phishing attack, demonstrating a more advanced form of address poisoning.
Spam Attacks: Disrupting the Status Quo
In mid-December 2022, Etherscan began identifying "spam" transactions, marking them with warnings and greyed-out visuals. These spam transactions serve as another security concern for crypto users.
Starting from November 28th, 2022, there has been a surge in spam attacks, affecting numerous customer accounts. Victims have received Webhook or iOS push notifications for outbound USDC/USDT transactions that they never initiated.
The good news is that your funds are safe in these instances. The spammers attempt to "pull" zero tokens from your address to another address, and it's worth noting that they cover the gas fees for these transactions. The objective of spam attacks appears to be to confuse users by adding a spam transaction immediately after a valid transaction with a similar address, hoping users will send funds to the spammers by mistake.
These spam addresses often resemble valid ones, particularly in the first and last few digits. This tactic can lead to errors, especially if users only inspect these portions of an address.
To protect yourself from spam attacks and address poisoning:
Be cautious when using transaction lists as sources for addresses, as spam transactions will appear.
Avoid copying and pasting addresses from untrusted sources.
Always check the full address, not just the first and last segments.
Implement additional checks when signing transactions, especially in multi-signature wallet policies.
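The full-address check can also be automated before a transaction is signed. The sketch below is an added example, not code from any wallet or explorer: it compares a recipient against a trusted address book and flags history entries that match only on the first and last characters. It assumes EVM-style `0x` addresses, and the function names, labels and sample addresses are all constructed for illustration.

```python
# Added example. Every address here is a constructed sample, not a real account.
HEX = set("0123456789abcdef")

def normalize(addr):
    """Lower-case a 0x-prefixed 20-byte hex address; reject anything else."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or not set(a[2:]) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def check_recipient(candidate, address_book, edge=4):
    """Compare the FULL address against a trusted address book.

    Returns ("trusted", label) on an exact match, ("lookalike", label) when
    only the first and last `edge` hex characters match a trusted entry,
    and ("unknown", None) otherwise.
    """
    cand = normalize(candidate)
    lookalike = None
    for label, trusted in address_book.items():
        t = normalize(trusted)
        if cand == t:
            return ("trusted", label)
        if cand[2:2 + edge] == t[2:2 + edge] and cand[-edge:] == t[-edge:]:
            lookalike = label
    return ("lookalike", lookalike) if lookalike else ("unknown", None)

def flag_history(transfers, address_book):
    """Return (index, reason) for history rows unsafe to copy an address from."""
    flagged = []
    for i, tx in enumerate(transfers):
        verdict, label = check_recipient(tx["to"], address_book)
        if verdict == "lookalike":
            flagged.append((i, f"resembles trusted address '{label}'"))
        elif verdict == "unknown" and tx["value"] == 0:
            flagged.append((i, "zero-value transfer to unknown address"))
    return flagged

# Constructed sample data (hypothetical labels and addresses).
TRUSTED = "0x1a2b" + "0" * 32 + "c3d4"
LOOKALIKE = "0x1a2b" + "f" * 32 + "c3d4"   # same first/last 4 characters
UNKNOWN = "0x" + "9" * 40
BOOK = {"exchange deposit": TRUSTED}
HISTORY = [{"to": TRUSTED, "value": 100}, {"to": LOOKALIKE, "value": 0},
           {"to": UNKNOWN, "value": 0}, {"to": UNKNOWN, "value": 5}]

if __name__ == "__main__":
    print(check_recipient(LOOKALIKE, BOOK))
    print(flag_history(HISTORY, BOOK))
```

A "lookalike" verdict is the signal to stop and re-verify the recipient through a separate trusted channel instead of the transaction list.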
While blockchain technology offers transparency and traceability, it's equally susceptible to scams, including address poisoning and spam attacks. Staying vigilant and practicing good address verification habits are essential in this evolving crypto landscape.