token

What is Address Poisoning?

Address poisoning involves the attacker creating deceptive transactions in the victim's address transaction history, tricking victims into sending funds to the attacker's address.

How Does Address Poisoning Work?

To increase the likelihood of users copying the wrong transfer address, attackers deploy a combination of spoofing methods in their address poisoning schemes:

Token spoofing

Attackers deploy token contracts with the name and symbol resembling those of well-known or familiar tokens. The aim is to trick victims into believing these tokens are legitimate.

When other dApp frontend interfaces aggregate all transactions in one tab, anyone can create a fake $ETH $BTC $SOL or any token and disguise it as a genuine token transaction.

Address spoofing

Attackers use a 'vanity' address generator to create an address that closely resembles a target address's first and last few characters. When truncated in the middle, it appears exactly the same as the target address, thereby fooling unsuspecting victims.