In Brief
MetaMask is warning its users against a growing new crypto scam called “address poisoning,” however the news has come bit late for some.
Cryptocurrency wallets can include one or more accounts, each with its own cryptographically-generated address, MetaMask explains in a release. However, these long hexadecimal numbers are intentionally difficult to remember, requiring the frequent use of copy and paste. This is precisely what address poisoning attempts to take advantage of.
How Addresses Become “Poisoned”
Instead of a sophisticated hack that compromises a protocol’s infrastructure, address poisoning rather relies on human psychology and the mechanics of crypto transactions. The following scenario is a case in point.
In this case, User A makes regular transactions to User B, which Attacker C becomes aware of utilizing software that monitors transfers of certain tokens, typically stablecoins. The attacker will then use a “vanity” address generator to create a hacker address C that closely matches user address B.
Attacker C will then perform a transaction of $0 between user address A and hacker address C. This results in the ‘poisoning’ of the address, as hacker address C becomes cached over user address B for user address A. Since hacker address C shares the same first and last 4 digits as user address B, Attacker C hopes that User A inadvertently uses their address when trying to transact with User B.
The scam can easily be avoided by thoroughly checking addresses before committing to transactions, however tedious.
MetaMask Mistakes
Some users are disappointed by the delay in announcing the news. “MetaMask finally documents the address poisoning attack after 2+ months,” tweeted Han Tuzun. His post provided a link to an article explaining the scam with thorough detail dated from the beginning of December.
Tuzun further warned users about vanity address generators that could generate near identical addresses in seconds. The Twitter user also tasked infrastructure builders with sufficiently warning users in UI against such attacks.
This latest setback for MetaMask comes after it faced strong public backlash following an update on its data retention policies. The firm updated its privacy policy late last year, leading to reports that it would result in the collection of users’ wallets and IP addresses.
This quickly led to a heated response from the crypto community, which prompted a post from developer ConsenSys on Dec. 6, to try and reassure its users.
Disclaimer
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.
This article explains the concept and types of Bitcoin addresses to help readers solve some problems they may encounter in the process of self-custody of Bitcoin, including but not limited to the choice of address type and the troubles that may occur during the migration of software wallets.
JinseFinanceThe airdrops received by addresses without transactions were suspected of insider trading; some users met all the airdrop criteria but did not receive any airdrops; some addresses received more than 100,000 airdrops, etc. In response to these doubts, ZKsync issued a comprehensive response on June 14, 2024.
JinseFinanceBTC, the dust has settled. How to layout the high-quality addresses of the Bitcoin ecosystem? Golden Finance, unity of knowledge and action, adheres to accompany the Bitcoin ecosystem.
JinseFinanceAn Ethereum destroy address is a unique element in the Ethereum blockchain that is specifically designed to permanently remove Ethereum from circulation.
JinseFinanceDogecoin (DOGE) shows growth in new addresses, business adoption, and user popularity, contributing to its resilience in the cryptocurrency landscape.
EdmundThere are currently around 21 victims and counting
Alex
BeincryptoUsers report that their sessions were disconnected when trying to interact with Oasis with allegedly high risk wallets.
CointelegraphThe price of bitcoin has been fluctuating in the last week. Mainly the price has been growing, reaching one-month highs ...
BitcoinistLayer 2 activity is cooling off for most networks, but Arbitrum has recently seen an increase in TVL and active addresses.
Cointelegraph
