Metamask Wallet Users Warned to Be on the Lookout for Address Poisoning Attacks
To avoid becoming victims of an address poisoning attack, Metamask wallet users should ditch the practice of copying and pasting wallet addresses, the crypto wallet app support team has warned. Metamask users should instead “develop a habit of thoroughly checking every single character of an address” before sending a transaction.
Scammers Exploiting Users’ Carelessness
Metamask crypto wallet users should be wary of a new scammer tactic known as the address poisoning attack, which is dependent on the user’s “carelessness and haste above all else,” the team behind the software cryptocurrency wallet has warned. The Metamask team added that while the attack method may seem harmless, “it can just as easily result in a loss of funds.”
A new scam called 'Address Poisoning' is on the rise. Here's how it works: after you send a normal transaction, the scammer sends a $0 token txn, 'poisoning' the txn history. (1/3)
— MetaMask Support (@MetaMaskSupport) January 11, 2023
In its Jan. 11 statement that explains how scammers use this new tactic to steal from unsuspecting users, the Metamask Support team said cybercriminals and scammers often exploit common behavior among crypto users such as the copying and pasting of wallet addresses. Although this ensures that funds are sent to the correct address, the team warned that scammers are aware that many users are unwilling to memorize their wallet addresses. The statement said:
“Since they’re so long, crypto wallet addresses are typically shortened. You might see the first lot of characters only, or sometimes you may see the initial 5-10 or so and the final 5-10 or so, skipping the middle. This is how most people recognize addresses: not by knowing every single character, but by becoming familiar with the start and finish. This is the tendency that address poisoning preys on.”
Users Must Check Every Single Character in a Wallet Address
According to the Metamask Support team, scammers often initiate a poisoning attack by sending a negligible amount to a dummy wallet address which closely matches that of a Metamask wallet user. After this, the scammer will wait and hope the targeted user[s] will “inadvertently copy their address from your transaction history and paste it elsewhere.”
Since transactions like these are said to be immutable or irreversible, when funds are sent to an incorrect address, they are lost forever. Therefore, wallet users need to take all precautions including “checking every single character.” The Metamask Support team said wallet users must try to end the practice of copying addresses from their transaction history.
Instead, wallet users should “develop a habit of thoroughly checking every single character of an address before you send a transaction.”
What are your thoughts on this story? Let us know what you think in the comments section below.