Address poisoning

Address poisoning is an attack method in which the attacker creates false transaction records on the blockchain, causing addresses controlled by the attacker to appear in the victim's transaction history. When the victim makes a new transaction, the victim may mistakenly send funds to these false addresses.

How address poisoning works

a. Creating a false transaction

The attacker first creates a small transaction to send funds to the victim's address. This transaction will appear in the victim's transaction history.

b. Disguise as the victim's address

When creating a false transaction, the attacker uses an address that is very similar to the victim's address (usually the first and last few digits are the same). This makes the victim mistakenly believe that this address is a legitimate address they have used before when viewing the transaction history.

c. Inducing wrong transfers

When victims need to make a new transfer, they may copy the address from the transaction history. If the victim does not carefully check every character of the address, it is possible to send funds to the address controlled by the attacker.

How to prevent address poisoning?

a. Check the address carefully

- Check character by character: When transferring money, check the address character by character to ensure that every character is correct.

- Use address labels: Use the address label function in the wallet or exchange to add labels to commonly used addresses to avoid misoperation.

b. Use security tools

- Hardware wallet: Use hardware wallets for transfers. Hardware wallets are usually more secure and can prevent address poisoning attacks.

- Address book: Use the address book function in the wallet to save commonly used addresses and avoid copying addresses from the transaction history.