top of page

What is address poisoning in Bitcoin?

The scam may affect other cryptocurrencies. How to avoid it? MetaMask explains how this scam can affect even the most experienced users.

Ledger and Trezor devices
Photo by regularguy.eth on Unsplash

In Short

  • The technique confounds the real address with the attacker's address.

  • You'll need to do more than check an address's first and last characters.

Address poisoning is a scam technique that emulates almost all (but not all) characters of a bitcoin (BTC) or cryptocurrency address. If a user doesn't notice and verify if the address they are sending funds to is correct, they could become a scam victim. As MetaMask explains in a blog post this January 11, scammers use this technique to confuse their victims with frequently used addresses.


Thieves monitor their victims' addresses in search of recent transactions. They can do so since cryptocurrencies rely on a public ledger. Upon detecting an incoming transfer, fraudsters send a certain amount of worthless tokens to the victim to confuse them. The source address of the tokens has the same characters, at the beginning and the end, as the original address.


Addresses generated from predefined custom characters are known as Vanity Addresses, as was the case with the address "1VanticaTradingDontSendf59sbirfkuF". There are different portals to create this type of address on the web, along with their corresponding private keys. Although their purpose is not necessarily fraudulent, the possibility of developing lessons from predefined characters is something an attacker will use.


Getting an address that copies only a few characters from another is quite complicated and can take a long time, depending on the computer's computing power. The more characters you try to copy, the more difficult it will be to find the private key. Many users abuse the copy-and-paste technique because it is difficult to remember the 40 alphanumeric characters that make up an address (in the case of Ethereum).


By doing this, a careless user may notice that it is different from the original address they are trying to send to, as it only does a quick check of the first and last characters that make up an address. In the address list of wallets such as MetaMask, only the first and last five characters are shown.

How to escape this scam

Although this is an unsophisticated technique, no one is exempt from falling for it. The addresses of any cryptocurrency network are prone to this type of attack.


The main thing is to do a more extensive verification. As discussed above, vanity addresses created by fraudsters copy the first and last digits of an address. Since the more numbers you try to copy, the more complicated it will be to generate an address, do a complete, digit-by-digit verification of the address as much as possible.


It is also advisable to avoid copying addresses from the list of received transactions since this is the primary attack vector used by fraudsters. Another recommendation is to make a small payment beforehand to confirm that it is the correct address when transferring large amounts of funds.


MetaMask advises keeping a record in the address directory of the most frequently used addresses to avoid copying addresses from the transaction log.

Metamask Wallet
The Address directory is available from the application's settings menu.

One of the current solutions for this type of inconvenience, regarding how difficult it is to verify all the characters in an address, are domain names, in this case, Ethereum or ENS. These allow sending funds using terms such as "Vitalik" instead of hard-to-handle addresses. However, it is also possible to fall for name spoofing, such as a user using "Vitalik."



Related Posts


  • Facebook
  • Instagram
  • TikTok
  • Twitter
  • LinkedIn
bottom of page