⚠️Address Poisoning⚠️
Address poisoning is an attack method where the attacker creates fake transaction records on the blockchain, causing attacker-controlled addresses to appear in the victim's transaction history.
When the victim makes a new transaction, they can mistakenly send funds to these fake addresses. How Address Poisoning Works
a. Creating a Fake TransactionThe attacker first creates a small transaction to send funds to the victim's address.
This transaction will appear in the victim's transaction history.
b. Disguising as the Victim's AddressWhen creating a fake transaction, the attacker uses an address that is very similar to the victim's address (usually the first and last digits are the same). This causes the victim to mistakenly believe that this address is a legitimate address they have used before when viewing the transaction history.
c. Inducing Erroneous TransfersWhen victims need to make a new transfer, they can copy the address from the transaction history. If the victim does not carefully check each character of the address, it is possible to send funds to the attacker-controlled address.
How to prevent address poisoning?
a. Check the address carefully- Check character by character: When transferring money, check the address character by character to make sure each character is correct.- Use address labels: Use the address label feature in the wallet or exchange to add labels to commonly used addresses to prevent misoperation.
b. Use security tools- Hardware wallet: Use hardware wallets for transfers. Hardware wallets are usually more secure and can prevent address poisoning attacks.