
Everything You Need to Know About Address Poisoning 

by Alfredo de Candia, January 30th, 2023


Address Poisoning is a type of cyber-attack in which attackers send a blockchain transaction to the victim’s blockchain address in order to steal funds. The attack is especially dangerous for those unfamiliar with the field, because once the offending transaction has been received it cannot be removed, and the victim may later use it by mistake. It works by sending a transaction from an address that is very similar to a user’s legitimate address, which can allow the attackers to receive the victim’s funds. Users need to be aware of this attack and take the necessary precautions to protect their funds and data.

What is Address Poisoning

As anticipated, this is an attack aimed at blockchain users. Its goal is to create havoc in the victim’s transactions: for inattentive users especially, it can turn into a nightmare, because they could inadvertently copy and use the criminal’s address.

What Address Poisoning entails for your blockchain address

If this attack occurs, the consequences are limited to the cases in which the criminal’s blockchain address is actually used. For example, if we need to receive cryptocurrencies at our address and we provide the criminal’s address instead, the cryptocurrencies will not end up at our blockchain address (or rather, be accounted for at our address) but at the criminal’s address, and we will have lost those funds completely.

Furthermore, we will not even be able to blame the sender of the funds for the error, since the sender will have used the very address we provided, and the confirmed transaction can be viewed from any block explorer.

How Address Poisoning works

To better understand this type of attack and how to protect yourself, let’s see how criminals operate and what strategies they adopt to “track” us and carry out the attack; several techniques can be used.

Find a victim

There are several ways to identify a victim for this type of attack. One is to target the addresses of the exchanges and create an address similar to that of the exchange: if the victim misspells the relevant address, the criminal will receive the various transfers over time. As can be imagined, this attack becomes passive and can generate a real income over time (this is why the various exchanges change their deposit addresses from time to time).


Alternatively, criminals use on-chain tracking tools that trace the movements of a specific account, so that they are alerted when a user carries out a transaction and can automatically launch their own transaction immediately after the victim’s.

Create a blockchain address similar to the victim

Once we have identified a victim and recovered their public address, we just have to create a new address that resembles the address we want to attack. This serves precisely to confuse the victim: blockchain addresses are quite long and easy to misread, so people tend to check only the first few or the last few digits of an address before clicking on it and copying it.


An address that looks like another can be created with tools that let you customize your address. They run a large number of calculations until they find the desired address, or rather the private key that opens it. In jargon these tools are called “vanity address generators”.

Let’s see a practical case by taking the well-known blockchain address of the Binance exchange on Polygon, which is as follows:


0xe7804c37c13166ff0b37f5ae0bb07a3aebb6e245


At this point, all we have to do is launch a program that generates vanity addresses, such as this, and wait until the software finds the private key of a matching address. In this case, we have chosen to keep the last 7 digits identical to the Binance address:


0x2764F4a5bb1c700889fFC65b304AC188Ebb6e245


The more identical digits we choose, the longer and more complex the process. To give an idea of the time needed, finding the private key of that address similar to Binance’s takes just 1 month of work on an entry-level home PC, a time that is drastically reduced by using various cloud platforms to obtain more power:


[Image: Vanity address generator]


If instead of 7 digits we just want the last 5 digits to equal those of Binance, the program finds the private key in a couple of minutes without problems:


[Image: Vanity address found]


Cast the bait and wait

Once we have found the address and the relative private key, it is enough to import the private key into our wallet, wait for the right moment to send the transaction to the victim’s address, and then wait for the victim to accidentally use that wrong address, so that the victim’s funds arrive at our address.

How to Avoid the Address Poisoning Trap

No system can prevent other users from sending a transaction to our address. What we can do is pay attention to the address we are using when we need to receive funds. Here are some tips to keep in mind before copying and pasting an address that only appears to be the same as ours:


  • Inspect blockchain address transactions: carefully check the various transactions and identify suspicious incoming ones (usually those with very little crypto received);
  • Hash our address: to avoid oversights, a simple thing to do is to hash our address and the address we copied, and check whether the two values match;
  • Use hardware wallets: another good rule is to use a hardware wallet, so that we always use the address found inside it. Since it can also be connected to third-party platforms, we avoid the unnecessary risk of exposing our private key outside the hardware wallet;
  • Carry out transaction simulations: those who are slightly more experienced can simulate transactions on the various testnet networks to check whether the transaction actually arrives at our address.
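The first two tips can be automated. The following is an added example, not code from the article: it compares a copied address with a trusted one by hash and flags incoming transfers whose sender only matches at the visible ends. The choice of SHA-256, the 4-character threshold and the sample history are assumptions made for illustration; the two addresses are the ones quoted above.

```python
import hashlib
import re

# Both addresses are the ones quoted in the article.
TRUSTED = "0xe7804c37c13166ff0b37f5ae0bb07a3aebb6e245"
LOOKALIKE = "0x2764F4a5bb1c700889fFC65b304AC188Ebb6e245"

def normalize(addr):
    """Lowercase a 0x-prefixed 20-byte address; letter case is not part of its identity."""
    a = addr.strip().lower()
    if not re.fullmatch(r"0x[0-9a-f]{40}", a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def fingerprint(addr):
    """Short SHA-256 digest of the normalized address (hash choice is an assumption)."""
    return hashlib.sha256(normalize(addr).encode()).hexdigest()[:16]

def shared_edges(a, b):
    """Number of leading and trailing hex characters two addresses have in common."""
    x, y = normalize(a)[2:], normalize(b)[2:]
    prefix = next((i for i in range(40) if x[i] != y[i]), 40)
    suffix = next((i for i in range(40) if x[-1 - i] != y[-1 - i]), 40)
    return prefix, suffix

def classify(trusted, candidate, min_edge=4):
    """'match' if identical, 'lookalike' if only the visible ends agree, else 'different'."""
    if fingerprint(trusted) == fingerprint(candidate):
        return "match"
    edges = shared_edges(trusted, candidate)
    return "lookalike" if max(edges) >= min_edge else "different"

def flag_history(trusted, transfers):
    """Return the incoming transfers whose sender imitates the trusted address."""
    return [t for t in transfers if classify(trusted, t["from"]) == "lookalike"]

# Constructed sample history: the amounts and the third address are made up.
HISTORY = [
    {"from": TRUSTED, "amount": 250.0},
    {"from": LOOKALIKE, "amount": 0.0001},
    {"from": "0x" + "11" * 20, "amount": 12.5},
]

if __name__ == "__main__":
    print(fingerprint(TRUSTED), fingerprint(LOOKALIKE))
    print(shared_edges(TRUSTED, LOOKALIKE), classify(TRUSTED, LOOKALIKE))
    print(flag_history(TRUSTED, HISTORY))
```

The two fingerprints differ even though the addresses end in the same characters, which is exactly the difference the eye skips over when only the ends of an address are checked.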


I made a little video to explain this kind of attack: