Home Web3 Security What is Address Poisoning? How It Can Result Into Loss of Crypto Assets?

What is Address Poisoning? How It Can Result Into Loss of Crypto Assets?

by ImmuneBytes
What is Address Poisoning? How It Can Result Into Loss of Crypto Assets?


In the world of cryptocurrencies, security is of utmost importance. Cryptocurrency holders need to be aware of various security threats that can lead to the loss of their assets. One such threat is address poisoning. In this blog, we will discuss what address poisoning is, how it works, and how it can result in the loss of crypto assets.

What is Address Poisoning?

Address poisoning is a sophisticated attack vector that involves intercepting a user’s cryptocurrency transaction and changing the destination address to one controlled by an attacker. This is done by inserting a malicious code into the user’s device or by hacking into the network and intercepting the transaction.

How Address Poisoning works?

  1. The leading DeFi crypto wallet provider MetaMask penned a long blog post warning crypto enthusiasts around the globe to double-check the crypto wallet addresses and spread the word about address poisoning to prevent money loss. Firstly, the culprit exploits the victim’s transaction history. For address poisoning to work in full effect, the fraudster generates similar vanity addresses to the one a user has.
  1. Indeed, crypto wallet addresses are very hard to remember, because of the cryptographically generated hexadecimal numbers. Hackers tend to instill these new addresses in the counterfeit transaction history, and usually, there’s no visual difference between the actual crypto wallet address and the fake one.
  1. Secondly, once the scammer has created a similarly-looking crypto wallet address, the evildoer sends a transaction of a small value to the newly created dummy wallet. After this happens, the user’s crypto wallet is poisoned. This is because the transaction history on MetaMask or any other DeFi wallet shows the hacker’s new address, which is visually unidentifiable as different. Most crypto enthusiasts visually indicate their wallet by the starting and ending characters, while the middle part of an address is rarely remembered.
  1. Finally, this creates an opportunity for the hacker to contaminate the wallet dummy addresses. The next time the unsuspecting user tries to copy the crypto wallet address from the transaction history, the funds might end up in the almost identically-looking hacker’s wallet.

How Can Address Poisoning Result in the Loss of Crypto Assets?

Address poisoning can result in the loss of crypto assets in several ways. First, if the hacker intercepts the transaction and changes the destination address, the cryptocurrency will be sent to the hacker’s address instead of the intended recipient’s address. This means that the cryptocurrency is lost forever.

Second, address poisoning can be used as a tool for phishing attacks. The hacker may send a message to the victim, pretending to be a legitimate service provider and asking for their cryptocurrency address. The victim may unknowingly give their address to the hacker, who will then use address poisoning to intercept any future transactions and steal the cryptocurrency.

Finally, address poisoning can also be used to attack cryptocurrency exchanges. If the exchange’s withdrawal process is not properly secured, a hacker can intercept the withdrawal request and change the destination address to their own. This means that the cryptocurrency is sent to the hacker’s address instead of the user’s intended address.

How to Prevent Address Poisoning?

Luckily, there are a few go-to methods to prevent the bad actors of crypto from stealing your money. Naturally, the easiest solution to this problem is simply double-checking the crypto wallet addresses before sending the funds. Here are two more advanced workarounds for crypto enthusiasts fearing getting contaminated with address poisoning.

Use an Address Book

In most cases of address poisoning, having an address book instead of copying crypto wallet addresses from personal transaction history should solve the problem. The feature can be accessed on MetaMask by going to Settings > Contacts.

In this way, there are two issues immediately fixed. Firstly, the wallet owner won’t have to copy-paste the addresses, erasing the possibility of copy-pasting the bogus address. Moreover, the address book requires confirmation before putting addresses on it. The hapless hackers cannot change the addresses submitted by the wallet owner.

Use a Cold Wallet

Another effective way of rescuing oneself from the hassle of trying to retrieve lost crypto funds has a cold wallet. Hence, a self-custody wallet not connected to the internet is less susceptible to fraudulent phishing attacks by evil computer geniuses. On top of that, cold hardware wallets form a habit of checking and confirming every transaction sent.

Besides, the second layer of security in such a case could be ‘test transactions’. These are carried out by sending a nominal amount of money and then waiting for the confirmation that the recipient’s address is indeed the correct one. However, test transactions are unpopular among the crypto community, as it requires double the gas fees.


Address poisoning is a serious threat to the security of cryptocurrency transactions. It can result in the loss of crypto assets and can be difficult to detect. To protect yourself from address poisoning, it is important to use a reputable cryptocurrency wallet, keep your device and software up to date, and double-check the destination address before sending any cryptocurrency. By being vigilant and taking the necessary precautions, you can protect your crypto assets from this and other security threats.

You may also like