Cryptocurrency holders are encouraged to take a closer look at public addresses to transfer their cryptocurrencies to.
A scam is growing in the cryptocurrency universe and you better watch out. Its name: “address poisoning” or public address poisoning.
Public address versus private address
Before explaining this type of scam, let’s remember the distinction between public address and private address. A private address is a sequence of characters that must remain confidential, which allows a user to carry out transactions (sending cryptocurrencies, etc.). Only so-called cold or hot wallets allow users to hold their private keys and therefore their cryptocurrencies. Conversely, cryptocurrency exchange platforms keep the private keys of users who therefore do not hold their cryptocurrencies.
For its part, a public address is a random sequence of numbers and letters which can be compared to a RIB in France. A user can own multiple public addresses, with each address tied to a proprietary cryptocurrency. A user will be able to send a public address to a recipient to receive cryptocurrencies on this address. These addresses can also be accessed on blockchains (Ethereum, Bitcoin, etc.). The two addresses (public and private) work together to complete a transaction.
Extended addresses
When a person uses a crypto wallet (wallet), he can hold several public addresses to which to transfer cryptocurrencies. Therefore, to make a transfer from an account A to an account B (platform to wallet, wallet to wallet, etc.), a manipulation consists of “copying” the public address to which cryptocurrencies can be transferred and “pasting” it “. from the media you want to transfer from. At that moment, any informed user will verify that the copy-pasted address remains identical. However, since this address is very long and difficult to remember, some users may fall into traps.
A public address looks like a sequence of letters and numbers like this: 2A1xyzeTBFMCrypto65FRD78CffftFRdXsstxddX
Until now we already knew about this type of scam. Your computer gets infected with a virus and you copy-paste it which causes you to paste a scammer’s public address. We know less about this new type of scam called “address poisoning.”
Generally, when a user wants to make a quick wire transfer using copy-paste, he mainly looks at the first 5 and last 5 characters of his public address. “It is this trend that address poisoning is exploiting,” digital wallet MetaMask explained on Thursday.
Address poisoning is where scammers “send worthless transactions to your account from an address very similar to yours. They hope you inadvertently copy that address into your transaction history in the future,” it reads.
Result: A simple carelessness can cause you to transfer your coins to a scammer’s public address. How to protect yourself from such a threat? MetaMask invokes a fundamental.
“There is no way to stop people, including scammers, from sending transactions to your address,” as those addresses are public on the blockchain.
On the other hand, faced with this phenomenon, MetaMask recommends taking the time to verify that the public address to which you are transferring the cryptocurrencies is identical to your own address (even if it is longer than looking only at the first and the last 5 characters). Likewise, it is advisable to avoid copying and pasting from transaction history, where malicious addresses could sneak in.