• MetaMask recently warned of a new type of scam called “address poisoning”
• Address poisoning exploits absentmindedness when copying and pasting wallet addresses
• Scammers generate “vanity” addresses to dupe unsuspecting users into losing funds
In a recent post, MetaMask alerted the crypto community to a new type of scam called “address poisoning”. The scam is rated as “rather innocuous compared to other scam types”, but MetaMask still warned that address poisoning has the potential to dupe unsuspecting users into losing funds.
Address poisoning centers on wallet addresses, which are long hexadecimal numbers that are difficult to remember and easy to mistake for other, similar addresses. To avoid confusion, wallet providers often shorten addresses by showing the first few characters, a blank, and then the last few. Scammers take advantage of users’ trust in the familiarity of the first and last few characters by generating “vanity” addresses that look similar to the original address.
When transacting, users usually copy and paste an address into the wallet. Many wallet providers, including MetaMask, have a one-click function to facilitate this process. Address poisoning exploits users’ inattention at this point in the transaction process. Scammers observe and track transactions of particular tokens, with stablecoins commonly targeted. Then, using a “vanity” address generator, the scammer will create a wallet address that is similar to the original address. If users copy and paste the wrong address, the scammer will be able to receive the funds instead of the intended recipient.
To protect against address poisoning, MetaMask recommends double-checking wallet addresses and staying vigilant when copying and pasting them. It is also recommended to use a wallet provider with built-in security features, such as MetaMask. Additionally, MetaMask recommends that users set up a Secret Recovery Phrase, which is a 12-word phrase that allows users to recover their wallet if they lose their device. With the Secret Recovery Phrase, users can be sure that their funds will be safe even if they make a mistake.
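The double-check described above can be automated by comparing the full pasted address against a trusted address book and flagging any address that matches only in its shortened form. This is an added example, not MetaMask's code; the display widths, the address book and both sample addresses are assumptions constructed for illustration.

```javascript
// Added example (not MetaMask code). PREFIX and SUFFIX are assumed display
// widths; wallets differ in how many characters they show.
const PREFIX = 6; // "0x" plus four hex characters
const SUFFIX = 4;
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// The shortened form a wallet UI would display for an address.
function shorten(address) {
  const a = address.toLowerCase();
  return a.slice(0, PREFIX) + "..." + a.slice(-SUFFIX);
}

// Classify a pasted recipient against a trusted address book
// ({ label: address }). Verdicts: invalid, trusted, lookalike, unknown.
function checkRecipient(pasted, addressBook) {
  if (typeof pasted !== "string" || !ADDRESS_RE.test(pasted.trim())) {
    return { verdict: "invalid" };
  }
  const candidate = pasted.trim().toLowerCase();
  const entries = Object.entries(addressBook);
  // Only an exact match on all 40 hex characters counts as trusted.
  for (const [label, trusted] of entries) {
    if (trusted.toLowerCase() === candidate) return { verdict: "trusted", match: label };
  }
  // Same shortened form but a different full address: the poisoning pattern.
  for (const [label, trusted] of entries) {
    if (shorten(trusted) === shorten(candidate)) return { verdict: "lookalike", match: label };
  }
  return { verdict: "unknown" };
}

// Constructed sample data: neither address belongs to a real account.
const TRUSTED = "0x1a2b" + "0".repeat(32) + "9abc";
const POISONED = "0x1a2b" + "f".repeat(32) + "9abc";
const BOOK = { exchange: TRUSTED };

console.log(shorten(TRUSTED), shorten(POISONED));
console.log(checkRecipient(TRUSTED, BOOK));
console.log(checkRecipient(POISONED, BOOK));
```

Both sample addresses shorten to the same string, which is why the check compares every character and treats a shortened-form match as a warning rather than a confirmation.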