• MetaMask recently posted a warning about a new scam called “address poisoning”.
• This scam exploits absentmindedness when copying and pasting wallet addresses.
• Scammers use a “vanity” address generator to create addresses similar to the one the user is trying to send to, thus, the user’s funds are sent to the scammer’s address instead.
MetaMask recently warned the crypto community of a new type of scam called “address poisoning”. This type of scam is considered “rather innocuous compared to other scam types” as it relies on user carelessness and haste when copying and pasting wallet addresses. To understand how this type of scam works, one must first understand the way crypto addresses are typically presented.
Crypto addresses are usually long hexadecimal numbers that are difficult to remember and easy to mistake for other, similar addresses. To make it easier for users, wallet providers, including MetaMask, feature a one-click function to copy an address. However, this one-click function is what scammers take advantage of to perform address poisoning. Scammers observe and track transactions of particular tokens, with stablecoins commonly targeted. Using a “vanity” address generator, the scammer will create addresses similar to the one the user is trying to send to, thus, the user’s funds are sent to the scammer’s address instead.
To prevent falling victim to address poisoning, MetaMask recommends double checking the address one is sending funds to is the right one by manually inputting it in the wallet. Additionally, users should be mindful of the amount they are sending and if it is too large, they should use a multi-step verification process. Finally, MetaMask suggests not sending funds to addresses that are shorter than the standard length that wallet providers typically use.
Address poisoning is a clever scam that takes advantage of users’ inattention and absentmindedness when sending funds. It is important for users to be aware of this scam and be mindful when sending funds to make sure they are not a victim of address poisoning.