In order to deceive users into sending money to a scammer instead of the intended recipient, a new scam known as “Address Poisoning” has surfaced, according to cryptocurrency wallet service MetaMask.
Cryptocurrency transfers made with MetaMask are recorded in the wallet’s transaction history.
An abbreviated form of the third party's address and further information, such as the token and the amount given or received, are displayed when you click the transaction.
In order to pull off the fraud, the threat actor keeps an eye on fresh transactions on the blockchain.
After choosing a target, they use a vanity address generator to build an address that is very close to, if not almost identical to, the one used in the most recent transaction.
It should be noted that it can take less than a minute to create an address that matches the prefix or suffix of a destination address. Targeting both, though, will take much longer to generate.
The threat actor then uses this new address to send the targeted sender's address a token transaction for $0 or a tiny amount of cryptocurrency, so that the transaction shows up in their wallet's history.
Additionally, MetaMask advises you to save known, legitimate cryptocurrency addresses for individuals or services to which you frequently send transactions using the built-in Address Book feature found under "Settings > Contacts."
However, this would cause problems with user interface design because Ethereum addresses are relatively long (66 characters).
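
A defensive check for the pattern described above, as an added example that is not part of the original article or MetaMask's code: it compares each counterparty in a transaction history against saved address-book entries and flags addresses that match only at the visible prefix or suffix. The four-character window, the function names and the sample data are assumptions.

```javascript
// Added example. All addresses and transactions below are constructed sample data.
const SHOWN = 4; // assumption: hex characters visible at each end of an abbreviated address

// Lowercase and drop "0x" so mixed-case (checksummed) forms compare equal.
function normalize(addr) {
  const hex = String(addr).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]+$/.test(hex)) throw new Error(`not a hex address: ${addr}`);
  return hex;
}

// Classify a counterparty against one trusted address:
// "same", "lookalike" (visible prefix or suffix matches, full value differs), or "different".
function classify(candidate, trusted, shown = SHOWN) {
  const c = normalize(candidate), t = normalize(trusted);
  if (c === t) return "same";
  const prefixMatch = c.slice(0, shown) === t.slice(0, shown);
  const suffixMatch = c.slice(-shown) === t.slice(-shown);
  return prefixMatch || suffixMatch ? "lookalike" : "different";
}

// Return history entries whose counterparty imitates an address-book entry.
function findPoisoned(history, addressBook) {
  const flagged = [];
  for (const tx of history) {
    for (const [label, trusted] of Object.entries(addressBook)) {
      if (classify(tx.counterparty, trusted) === "lookalike") {
        flagged.push({ id: tx.id, resembles: label, zeroValue: BigInt(tx.value) === 0n });
      }
    }
  }
  return flagged;
}

const TRUSTED = "0xa1b2" + "c3d4e5f60718293a".repeat(2) + "c9f4";
const LOOKALIKE = "0xA1B2" + "0123456789abcdef".repeat(2) + "C9F4";
const UNRELATED = "0x7f3e" + "9d8c7b6a59483726".repeat(2) + "8776";

const addressBook = { "exchange deposit": TRUSTED };
const history = [
  { id: "tx1", counterparty: TRUSTED, value: "250000000" },
  { id: "tx2", counterparty: LOOKALIKE, value: "0" },
  { id: "tx3", counterparty: UNRELATED, value: "1000" },
];

console.log(findPoisoned(history, addressBook));
```

A flagged entry should never be used as a copy source for a recipient address; send only to the full address stored in the address book.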