Understand and Prevent Cryptocurrency Address Poisoning

1. What is cryptocurrency address poisoning?  

Address poisoning is a common phishing scam in the cryptocurrency industry. Its purpose is not to directly steal your digital assets but to "pollute" or "poison" your transaction history, causing you to mistakenly send funds to an address controlled by a scammer during future transactions.  

The scammer's goal is to "plant" a malicious but seemingly familiar address in your transaction history.  

The next time you need to send funds to a contact (e.g., an exchange or a friend you frequently transfer money to), you might look for that address in your history. Since both a correct address and a fake, similar-looking address created by the scammer exist in your history, it's easy to mistakenly select the fake one in a hurry.  

Once you send funds to this fake address, they are immediately transferred by the scammer, and due to the irreversible nature of blockchain, these funds cannot be recovered.

2. How does address poisoning work?  

The attack process typically involves several steps:  

1. Monitor the network: Scammers monitor public blockchain networks (such as Bitcoin, Ethereum, etc.) in real time.  

2. Identify targets: When they notice you making a normal transaction, they record your wallet address and the counterparty's address.  

3. Forge a transaction: The scammer sends a very small amount of cryptocurrency (e.g., $0.001) from a wallet address they control to your own address. This appears as a normal transaction record.  

4. Fake address: The key is that the scammer-controlled address has the same starting and ending characters as the address you commonly use (or have recently transacted with).

3. How can I identify an address poisoning attack? What should I do if I receive a "poisoned" transaction?  

First, develop the following habits:  

Carefully verify the full address: Never check only the beginning and end of an address! You must scroll through and verify the characters in the middle. It is difficult for scammers to forge an entirely identical address, so the middle part will always differ.  

Check transaction details: If you see a transaction in your history from an unknown address involving a very small amount (especially one you don't recall) and the address resembles one of your frequently used addresses, it is likely a "poisoning" attempt. Immediately label this address (e.g., "suspected scam address") or blacklist it (if your wallet supports this feature).  

Be wary of unknown transactions: Unexpected transfers from unfamiliar addresses appearing in your wallet are sometimes bait for poisoning attacks, aiming to insert fake records into your transaction history.  
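The "Check transaction details" habit can be automated over an exported transaction history. The following Python is an added example, not Ballet's code: it assumes Ethereum-style hex addresses, and the `IncomingTx` record, the 4-character edge and the $1 dust threshold are hypothetical choices made for illustration.

```python
from dataclasses import dataclass

@dataclass
class IncomingTx:          # hypothetical record for one received transfer
    sender: str
    amount_usd: float

def body(addr):
    """Lower-cased hex body without '0x' (hex addresses compare case-insensitively)."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def lookalike_of(candidate, trusted, edge=4):
    """Return the trusted address that `candidate` imitates, or None.

    An imitation shares the first and last `edge` characters with a trusted
    address but is not that address, so the difference is in the middle.
    """
    c = body(candidate)
    if any(c == body(t) for t in trusted):
        return None                      # it really is a trusted address
    for t in trusted:
        b = body(t)
        if len(c) == len(b) and c[:edge] == b[:edge] and c[-edge:] == b[-edge:]:
            return t
    return None

def flag_poisoning(history, trusted, dust_usd=1.0, edge=4):
    """List (sender, imitated_address) for tiny transfers from look-alike senders."""
    findings = []
    for tx in history:
        imitated = lookalike_of(tx.sender, trusted, edge)
        if imitated is not None and tx.amount_usd <= dust_usd:
            findings.append((tx.sender, imitated))
    return findings

# Constructed sample data (not real addresses or transactions).
TRUSTED = ["0x1a2B3c4D5e6F7a8B9c0D1e2F3a4B5c6D7e8F9a0B"]
LOOKALIKE = "0x1a2b" + "07" * 16 + "9a0b"   # same 4 leading/trailing chars
UNRELATED = "0x" + "ab" * 20
HISTORY = [
    IncomingTx(TRUSTED[0], 250.0),     # genuine counterparty
    IncomingTx(LOOKALIKE, 0.001),      # dust from an imitation address
    IncomingTx(UNRELATED, 0.001),      # dust, but no resemblance
]

if __name__ == "__main__":
    for sender, imitated in flag_poisoning(HISTORY, TRUSTED):
        print(f"suspected poisoning: {sender} imitates {imitated}")
```

Any address this flags should be labeled or blacklisted as described above, and the recipient for the next transfer should come from a verified source rather than from the history.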

If you receive an address poisoning transaction, also remember to:  

Don’t panic: Receiving a poisoning transaction itself does not compromise your wallet's security or cause any loss of assets. Your Ballet wallet's private key nonce and password nonce remain secure.  

Do not interact with it: Never attempt to send back the small amount of tokens received or interact with any fake airdrop websites that may follow. This could trigger other types of scams.
