Wallet Address Poisoning - How to Secure Your Transactions From Hackers


Can you identify a poisoned wallet public address?

If not, you are vulnerable to address poisoning attacks, like this crypto user who lost $5,000 worth of crypto assets.

It is really simple to avoid an address poisoning attack if you know what to look for.

Otherwise, ignorance will put your hard-earned crypto assets at risk.


Example Of A Real Address Poisoning Attack

A crypto user wanted to move 5,000 USD worth of cryptocurrency from his Ledger wallet to his Binance wallet.

He copied what he thought was his Binance wallet public address into the Ledger 'Recipient Address' field and proceeded with the next steps.


Unfortunately, he had copied a poisoned wallet public address instead, and those 5,000 USD worth of crypto were sent to the hacker.

This is the whole story:


Post by u/ImThour.

Published on Reddit.

ImThour has kindly agreed to let us share his story so others can learn from it and take steps to prevent it from happening to others. We thank him for his generosity.

We all make mistakes out of a lack of knowledge or awareness.

But never give up; we learn from them and keep moving forward.

Or, we can learn from the mistakes of others who are kind enough to share their experiences, helping us to avoid similar pitfalls.

How Does Address Poisoning Work

The attacker initiates the address poisoning attack by sending a small amount of cryptocurrency to your wallet.

The intention behind this move is to "poison" your transaction history: the transaction is recorded in your account's history.

This scam is particularly deceptive because the scammer's wallet address looks similar to yours.

Note the similarity between ImThour's wallet public address and the hacker's wallet public address:

  • ImThour's Binance wallet address: 0xdd1b7ce698d0d58cd521a9c186e6a95cf043614c
  • Hacker's wallet address: 0xdD1f22080CF69E1B1A92D33E8f3d6a766447614c

The scammer hopes you might inadvertently select their address when you make a transaction, believing it to be yours.

This trick is designed to prompt you into sending funds to the scammer's address by mistake.

It relies on the fact that individuals often pay attention only to an address's first and last characters while overlooking the characters in between.

We very much doubt that such an attack would work nowadays because there is no opportunity to copy a poisoned address. This is what the Binance 'deposit' process looks like nowadays.


But, in a hot wallet, you may fall victim to an address poisoning attack by copying the address from a past 'recipient address' transaction and using it as a 'recipient address' for a new transaction.


You may be asking yourself:

How can the hacker create wallet public addresses with the same start and finish characters as the victim's address?

Addresses with specific prefixes and suffixes can be created using vanity address generators. For example, as its name suggests, the Ethereum vanity address generator page can be used to generate Ethereum vanity addresses.

The same sort of generators are available for other blockchains, e.g., the Bitcoin vanity address generator.

What Can You Do To Prevent Falling Victim To An Address Poisoning Attack

It is simple:

Verify the whole public address every single time you make a transaction.

It is common to try to save time by only verifying the first and last characters instead of verifying the whole string.

But this is a very bad practice because, as you have already seen, it is not sufficient:

  • ImThour's Binance wallet address: 0xdd1b7ce698d0d58cd521a9c186e6a95cf043614c
  • Hacker's wallet address: 0xdD1f22080CF69E1B1A92D33E8f3d6a766447614c
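The full-string check described above can be automated. The following is an added example, not part of the original article or of any wallet's code: it compares a recipient address against a list of addresses you trust and flags one that matches only at the ends. The two addresses are the ones quoted in the article; the function names and the min_each threshold of 3 characters are assumptions made for this illustration.

```python
import re

# Addresses quoted in the article (legitimate deposit address, look-alike).
LEGIT = "0xdd1b7ce698d0d58cd521a9c186e6a95cf043614c"
POISON = "0xdD1f22080CF69E1B1A92D33E8f3d6a766447614c"

def normalize(addr):
    """Lower-case a 0x-prefixed 20-byte hex address; reject anything else."""
    a = addr.strip().lower()
    if not re.fullmatch(r"0x[0-9a-f]{40}", a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def shared_ends(a, b):
    """Return (matching leading chars, matching trailing chars) after '0x'."""
    x, y = normalize(a)[2:], normalize(b)[2:]
    prefix = 0
    while prefix < 40 and x[prefix] == y[prefix]:
        prefix += 1
    suffix = 0
    while suffix < 40 - prefix and x[-1 - suffix] == y[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def classify(candidate, trusted, min_each=3):
    """'trusted' on a full match, 'lookalike' if only the ends match a
    trusted address, otherwise 'unknown'. min_each is an assumed threshold."""
    cand = normalize(candidate)
    if cand in {normalize(t) for t in trusted}:
        return "trusted"
    for t in trusted:
        prefix, suffix = shared_ends(cand, t)
        if prefix >= min_each and suffix >= min_each:
            return "lookalike"
    return "unknown"

def poisoned_entries(history, trusted):
    """Addresses in a transaction history that imitate a trusted address."""
    return [h for h in history if classify(h, trusted) == "lookalike"]

if __name__ == "__main__":
    history = [LEGIT, POISON, "0x" + "ab" * 20]  # constructed sample history
    print(shared_ends(LEGIT, POISON))
    print(poisoned_entries(history, [LEGIT]))
```

Comparison is done in lower case because the mixed-case form of an Ethereum address is only a checksum encoding of the same 20 bytes.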

By verifying the full wallet's public address, you can identify and prevent the following:


Knowledge and awareness will protect your crypto assets from hacks, scams, and accidents.

If you are still learning about cryptocurrency wallets, addresses, keys, and seed phrases, the following articles contain the knowledge you are looking for:

Wallet Public Address: The Unique Identifier to Safe Transactions

The Importance Of Crypto Public Key For Cryptocurrency Security

Crypto Private Key: Manage and Protect Your Digital Wealth

Seed Phrase: Why It Is Important to Safeguard It?

The Role Of The Derivation Path For Wallet Recovery


Congratulations on completing this 5-minute crypto and digital safety power-up.

We hope this 5-minute read was worth the time and that you have learned some valuable information.


Please consider subscribing to our blog for shorter but more important articles about crypto and digital good practices.




5-minute digital safety power-ups

Valuable digital safety knowledge and good practices in short but informative articles. Protect your most valuable crypto and digital assets from hacks, scams, and accidents.
