- More than 1.6M (in Ethereum) of losses in poison address scams within one week.
- Fraudsters use wallet history and copy-pasting errors.
- Attention to address details is crucial to avoid scams.
Ethereum users have suffered another round of fraud that drained more than $1.6 million this week alone. One of the victims lost about 636,000 dollars by sending 140 ETH to the scam address. This event has brought to light an alarming scam known as address poisoning that misleads users by giving them tainted wallet histories.
Source – X
The fraud takes advantage of copy-paste mistakes that result in sending funds to similar, fake addresses rather than the target addresses.
A number of poisonous addresses contaminated the transaction history of the victim. Later, a copy-paste error resulted in an expensive transfer. The incident was documented by crypto scam detection platform ScamSniffer, which stated that the user had sent 140 ETH to a seeded, fake address.
In the strategy, it is difficult to know that it is a scam because they exploit the fact that users trust their own transaction history.
Millions Lost in Seven Days: An Epidemic that is Spreading
A recent surge has been seen in address poisoning scams. The week alone lost $1.6 million; that is more than the total amount lost in the whole month of March ($1.2 million).
Several warnings concerning the extent of the crisis were collected by cybersecurity companies. A second big victim lost 880 thousand dollars worth of cryptocurrencies due to the same trick. Other users lost 80,000 and 62,000 dollars.
The trick behind this scam is how wallets are presented. In many wallet clients, long addresses are truncated to display just a small number of characters at each end.
To deceive people, hackers construct bogus addresses that are similar to genuine ones by matching the start and end characters. The intermediary characters are different and are easily overlooked.
The outcome: the users who copy the addresses they have been transacting with into their transaction history may accidentally choose a poisoned address of a scammer.
The scam is possible due to repetitive, minor fraudulent activities that are sent to the wallets of innocent users to pollute their history.
The Way the Scam Works and Why It Works
According to security experts, attackers use small or zero-value transactions to victims in order to add their own fake addresses to the history of the victims.
These addresses appear almost the same as those of the real ones. The victims wind up giving more cryptocurrency to the scammers because they keep making the same mistake, copying the wrong address.
An address poisoning attack in May 2024 saw an investor send the incorrect amount of Wrapped Bitcoin to a scam address, losing US$71 million.
Address poisoning scams are becoming an increasingly common and expensive form of money laundering as crypto becomes increasingly adopted. It is a stark reminder to Ethereum users and other individuals in the crypto space to verify addresses before transferring money.
