Binance’s security experts have developed an “antidote” against the increasing threat of address poisoning scams, which trick investors into sending funds to fraudulent addresses.
The security team at the world’s largest cryptocurrency exchange created an algorithm that has detected millions of poisoned crypto addresses, as reported to Cointelegraph:
“We have developed a unique method of identifying poisoned addresses, which helps us to alert users before they send money to criminals and was instrumental in identifying and flagging more than 13.4 million spoofed addresses on BNB Smart Chain and 1.68 million on Ethereum.”
Address poisoning, also known as address spoofing, involves scammers sending a small amount of digital assets to a wallet that closely resembles the victim’s address.
This transaction becomes part of the wallet’s history, leading the victim to accidentally copy and send funds to the scammer’s address.
Binance’s algorithm detects these spoofed addresses by identifying suspicious transfers—typically those with near-zero value or unknown tokens—linking them to potential victim addresses, and timestamping malicious transactions to pinpoint the time of poisoning.
These spoofed addresses are logged in the database of Web3 security firm HashDit, Binance’s security partner, enhancing the protection of the broader crypto industry from such scams. According to Binance’s report:
“Many cryptocurrency service providers use HashDit’s API to boost their defenses against a variety of scams.
READ MORE: Unknown Trader Nets $46 Million from Pepe Memecoin Amidst Resurgent GameStop Hype
“One of them, for example, is Trust Wallet, which uses the database of poisoned addresses to alert users when they are about to transfer funds to a spoofed recipient.”
The algorithm also flags spoofed addresses on HashDit’s user-facing products, web browser extensions, and MetaMask Snaps.
The necessity for this preventive algorithm became evident two weeks ago after an unknown trader lost $68 million to an address-poisoning scam. On May 3, they accidentally sent $68 million worth of Wrapped Bitcoin (wBTC) to a spoofed address.
Remarkably, the thief returned the $68 million on May 13, after on-chain investigators traced his potential Hong Kong-based IP addresses.
This incident suggests the scammer panicked due to the public attention following the scam.
Address poisoning scams might seem avoidable, but most traders only verify the first and last digits of the wallet’s 42 alphanumeric characters.
Scammers exploit this by using vanity address generators to create addresses that look similar. As Binance explains:
“An authentic Ethereum address like 0x19x30f…62657 could be spoofed using a similar-looking 0x19x30t…72657, which can be totally different in the middle while maintaining the first and last few characters.”
To submit a crypto press release (PR), send an email to sales@cryptointelligence.co.uk.
