• MetaMask recently warned of a new type of scam called “address poisoning.”
• The scam works by exploiting users’ carelessness and haste when copying and pasting wallet addresses.
• Scammers use “vanity” address generators to create addresses that look similar to the intended address, causing users to unknowingly send funds to the wrong address.
MetaMask recently released a warning to the crypto community of a new type of scam called “address poisoning.” This scam is rated as “rather innocuous compared to other scam types” but still has the potential to dupe unsuspecting users into losing funds.
Address poisoning centers on wallet addresses being long hexadecimal numbers that are difficult to remember and easy to mistake for other, similar addresses. Crypto addresses are often shortened to show the first few characters, a blank, and then the last few. Scammers exploit the tendency to trust the familiarity of the first and last few characters.
When transacting, the usual routine consists of copying and pasting an address. Most wallet providers, including MetaMask, feature a one-click function to copy an address. Address poisoning exploits users’ inattention at this point in the transaction process. Specifically, scammers observe and track transactions of particular tokens, with stablecoins commonly targeted. Then, using a “vanity” address generator, the scammer will create an address that looks similar to the intended address.
Since the address is similar, users can easily assume that the address is correct and mistakenly send funds to the wrong address. This is why it is essential to double-check and triple-check wallet addresses before sending funds. MetaMask also recommends users verify wallet addresses with the recipient to ensure they are sending funds to the correct address.
To protect against address poisoning, MetaMask recommends users pay extra attention when copying and pasting wallet addresses. Users should also enable address verification to confirm the address is correct before sending funds. And finally, users should always double-check the first and last few characters of the address to make sure they match.
In conclusion, address poisoning is a scam that relies on users’ inattention and haste when transacting. To protect their funds, users should take extra care to verify wallet addresses with the recipient before sending funds.