MetaMask is warning its users about a new and growing crypto scam called “address poisoning,” but the news came a little late for some.
Cryptocurrency wallets can include one or more accounts, each with its own cryptographically generated address, MetaMask explains in a statement. However, these long hexadecimal numbers are intentionally difficult to remember, so users frequently copy and paste them. It is this habit that address poisoning tries to take advantage of.
How Addresses Become “Poisoned”
Rather than a sophisticated hack threatening protocol infrastructure, address poisoning relies on human psychology and the mechanics of cryptographic transactions. The following scenario is an example.
In this case, user A makes regular transactions to user B, which attacker C becomes aware of using software that monitors transfers of tokens, usually stablecoins. The attacker then uses a “vanity” address generator to generate an address “C” that closely resembles the address of user “B”.
Attacker “C” then performs a $0 transaction between the address of user “A” and the address of hacker “C”. This results in address “poisoning”: the hacker’s address “C” is now cached in the history of user A’s address, alongside the address of user “B”. Since hacker C’s address shares the same first and last 4 digits as user B’s address, attacker C expects user A to inadvertently copy the attacker’s address when trying to perform a transaction with user B.
The scam can easily be avoided by checking addresses thoroughly before committing to transactions, no matter how tedious that may be.
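The full-address check described above can be automated. The following is an added example, not code from MetaMask or from the article: it compares a pasted recipient against a user-maintained address book and flags zero-value transfers from look-alike addresses. The function names, the address book, the record fields and the sample addresses are all constructed for illustration.

```python
PREFIX_LEN = 4  # leading hex digits the look-alike shares in the scenario above
SUFFIX_LEN = 4  # trailing hex digits the look-alike shares


def normalize(addr):
    """Lower-case, strip '0x', and require exactly 40 hex digits (20 bytes)."""
    body = addr.lower()
    if body.startswith("0x"):
        body = body[2:]
    if len(body) != 40 or any(c not in "0123456789abcdef" for c in body):
        raise ValueError("not a 20-byte hex address: %r" % addr)
    return body


def looks_like(candidate, trusted):
    """True when candidate copies trusted's first/last digits but is a different address."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:PREFIX_LEN] == t[:PREFIX_LEN] and c[-SUFFIX_LEN:] == t[-SUFFIX_LEN:]


def check_recipient(recipient, address_book):
    """Classify a pasted recipient by comparing every digit, not just the ends."""
    r = normalize(recipient)
    for label, trusted in address_book.items():
        if r == normalize(trusted):
            return "ok: exact match for " + label
    for label, trusted in address_book.items():
        if looks_like(recipient, trusted):
            return "block: resembles " + label + " but differs in the middle digits"
    return "unknown: not in address book"


def poisoning_candidates(history, address_book):
    """Return counterparties of zero-value transfers that imitate a trusted address."""
    return [tx["counterparty"] for tx in history
            if tx["value"] == 0
            and any(looks_like(tx["counterparty"], t) for t in address_book.values())]


# Constructed sample data (made-up addresses, not real accounts).
USER_B = "0x1a2b" + "0" * 32 + "9f8e"
ATTACKER_C = "0x1a2b" + "7" * 32 + "9f8e"
BOOK = {"user B": USER_B}
HISTORY = [{"counterparty": USER_B, "value": 250},
           {"counterparty": ATTACKER_C, "value": 0}]

if __name__ == "__main__":
    print(check_recipient(ATTACKER_C, BOOK))
    print(poisoning_candidates(HISTORY, BOOK))
```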
Some users are disappointed with the delay in announcing the news. “MetaMask documents finally address poisoning attack after more than 2 months,” Han Tuzun tweeted. His post provided a link to an article detailing the scam in full, dated early December.
Tuzun has warned users about dedicated address generators that can generate nearly identical addresses in seconds. Through Twitter, he also called on infrastructure builders to adequately warn users of these attacks in the user interface.
This latest setback for MetaMask comes after it faced strong public backlash over an update to its data retention policies. The company updated its privacy policy late last year, which led to reports that it would collect users’ wallet and IP addresses.
This quickly led to a heated response from the crypto community, prompting software developer ConsenSys, on December 6th, to try to reassure its users.