A recent pattern of transactions on the decentralized blockchain network ethereum suggests that scammers have launched an “address poisoning” campaign, CoinDesk reported Thursday (Jan. 22), citing Citi analysts.
An address poisoning scam is one in which bad actors send small amounts of crypto from wallet addresses that are similar to those frequently used by the victim, in hopes that the victim will accidently send funds to the scammer’s address in future transactions, according to the report.
Trends on ethereum that suggest that such a campaign may be underway include a record-breaking surge in transactions and active addresses at a time when bitcoin activity has been trending lower, a large share of the transactions being worth less than $1, and low transaction fees that make it inexpensive for attackers to send out their small payments, per the report.
“This transaction trend is often associated with ‘address poisoning’ scam campaigns,” the Citi analysts said, per the report.
Blockchain data firm TRM Labs said in July 2024 that an attack in May 2024 at the Japanese crypto exchange DMM Bitcoin, which led to the theft of coins valued at upwards of $300 million, may have involved an address poisoning scam.
“While the exact cause of the attack remains unknown, potential vectors include stolen private keys or address poisoning — a tactic wherein attackers send tiny amounts of cryptocurrency to a victim’s wallet to create fake transaction histories, potentially confusing users into sending funds to the wrong address in future transactions,” TRM Labs said at the time.
FBI Denver said in April 2024 that it had seen criminals creating cryptocurrency tokens that impersonate well-known tokens but have no value and using those impersonation tokens to send to victims as part of an address poisoning attack.
“Because of the way cryptocurrency wallet software truncates addresses, the first few alphanumeric characters and the last few alphanumeric characters might be identical to a familiar address; however, the middle alphanumeric characters in the address will be different,” the agency said in a press release. “Impersonation tokens increase the likelihood that address-poisoning attacks will work against both experienced and newer cryptocurrency users.”
