Crypto-fraud: what is “targeted poisoning” and how to protect yourself from it?

Cryptocurrency owners are advised to carefully study the public addresses to which they can transfer their cryptocurrencies.

Fraud is on the rise in the crypto universe and you better beware. Its name is “address poisoning” or public address poisoning.

Public Address vs. Private Address

Before explaining this type of scam, let’s remember the difference between a public address and a private address. A private address is a sequence of characters that must remain private, allowing the user to carry out transactions (send cryptocurrencies, etc.). Only so-called cold or hot wallets allow users to store their own private keys and therefore their cryptocurrencies. Conversely, cryptocurrency exchange platforms store the private keys of users, who therefore do not own their cryptocurrencies.

For its part, the public address is a random sequence of numbers and letters, which can be compared to the RIB in France. A user can own multiple public addresses, each tied to their own cryptocurrency. The user will be able to send the public address to the recipient in order to receive cryptography to that address. These addresses can also be used on blockchains (Ethereum, Bitcoin, etc.). The two addresses (public and private) work together to complete the transaction.

Extended addresses

When a person uses a crypto wallet (wallet), he can hold several public addresses to which cryptocurrencies can be transferred. Thus, in order to transfer from account A to account B (from platform to wallet, from wallet to wallet, etc.), the manipulation consists in “copying” the public address to which cryptocurrencies can be transferred, and “pasting” it. from the media you want to transfer from. At this time, any informed user will verify that the copied-pasted address remains identical. However, since this address is very long and difficult to remember, some users may be trapped.

The public address looks like a sequence of letters and numbers, for example: 2A1xyzeTBFMCrypto65FRD78CffftFRdXsstxddX.

Until now, we have already known about this type of fraud. Your computer is infected with a virus and you make a copy-paste that forces you to paste the scammer’s public address. We know less about this new type of scam called “targeted poisoning.”

As a rule, when a user wants to make a quick copy-paste transfer, he mainly looks at the first 5 and last 5 characters of his public address. “This is exactly the trend that address poisoning is exploiting,” digital wallet MetaMask explained on Thursday.

Address poisoning is when scammers “send useless transactions to your account from an address very similar to yours. They hope you inadvertently copy this address into your transaction history in the future,” it says.

Result: simple inattention can cause you to transfer your coins to the scammer’s public address. How to protect yourself from such a threat? MetaMask is like a foundation.

“It is impossible to prevent people, including scammers, from sending transactions to your address,” since these addresses are publicly available on blockchains.

On the other hand, when faced with this phenomenon, MetaMask advises taking the time to verify that the public address you are transferring cryptocurrencies to is identical to your address (even if it is longer than just looking at the first and last 5 characters). Similarly, it is recommended to avoid copying and pasting from transaction history where malicious addresses can infiltrate.

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker.