MetaMask, a cryptocurrency wallet provider, is alerting customers about a new fraud known as ‘Address Poisoning,’ which involves tricking users into sending payments to a scammer rather than the intended receiver.
When MetaMask users send or receive cryptocurrency, the transaction is recorded in the wallet’s history. When you click the transaction, you’ll see further information, such as the token, the amount paid or received, and a short form of the third party’s address.
Scammers contaminate your MetaMask transactions.
In a new article, MetaMask developers warn of a new scam dubbed ‘Address Poisoning,’ which involves poisoning the wallet’s transaction history with scammers’ addresses that are strikingly similar to addresses with which a user previously transacted.
To carry out the fraud, the threat actor checks the blockchain for new transactions.
After deciding on a target, they employ a vanity address generator to generate an address that is very similar, if not identical, to the one involved in the recent transaction.
The threat actor then transfers a modest amount of cryptocurrency, or even a $0 token transaction, from this new address to the targeted sender’s address, so that the transaction shows up in their wallet’s history.
The threat actor’s address is remarkably close to the address in the user’s prior transaction, and because MetaMask shortens the addresses in the transaction history, the new entry seems to be from the same individual.
When a user needs to transfer bitcoin to someone they previously sent to, the attacker hopes that they will select the most recent transaction, which in this case is from the attacker, and send the cryptocurrency to the scammer’s address instead.
Instead of copying the address from the most recent entry, search your transaction list for a known valid transaction and grab the full address from a blockchain explorer like Etherscan.
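A defensive check for the collision described above, added here as an example and not taken from MetaMask: it flags history entries whose shortened address matches a trusted address while the full address differs. The six-plus-four character short form, the `findPoisonedEntries` name, the record layout and every sample address are assumptions constructed for illustration.

```javascript
// Assumption: the wallet UI shows the first HEAD and last TAIL characters.
const HEAD = 6; // "0x" plus four hex digits
const TAIL = 4;

function normalize(addr) {
  const a = String(addr).trim().toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(a)) throw new Error(`not a 20-byte hex address: ${addr}`);
  return a;
}

// What a user sees in a truncated history view (assumed format).
function shortForm(addr) {
  const a = normalize(addr);
  return `${a.slice(0, HEAD)}...${a.slice(-TAIL)}`;
}

// trusted: full addresses verified out of band (address book).
// history: [{ hash, from, to, value }], value as a decimal string in the smallest unit.
function findPoisonedEntries(trusted, history, dustThreshold = 0n) {
  const trustedSet = new Set(trusted.map(normalize));
  const byShort = new Map();
  for (const t of trustedSet) byShort.set(shortForm(t), t);

  const findings = [];
  for (const tx of history) {
    for (const role of ["from", "to"]) {
      const addr = normalize(tx[role]);
      if (trustedSet.has(addr)) continue;          // exact match: genuine
      const imitated = byShort.get(shortForm(addr));
      if (!imitated) continue;                     // no visual collision
      findings.push({
        hash: tx.hash, role, address: addr, imitates: imitated,
        dust: BigInt(tx.value) <= dustThreshold,   // $0 or tiny transfer
      });
    }
  }
  return findings;
}

// Constructed sample data, not real addresses or transactions.
const ME = "0x" + "e".repeat(40);
const TRUSTED = "0xa1b2" + "1".repeat(32) + "c3d4";
const LOOKALIKE = "0xa1b2" + "9".repeat(32) + "c3d4";
const SAMPLE_HISTORY = [
  { hash: "tx1", from: ME, to: TRUSTED, value: "500000000000000000" },
  { hash: "tx2", from: LOOKALIKE, to: ME, value: "0" },
  { hash: "tx3", from: "0x" + "5".repeat(40), to: ME, value: "1000" },
];
console.log(findPoisonedEntries([TRUSTED], SAMPLE_HISTORY));
```

A finding with `dust: true` matches the zero-value pattern the article describes; a collision on a larger transfer is still worth a full-address comparison before reuse.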