Binance Develops Solution Against Address Poisoning Scams
Binance’s security experts have developed an “antidote” to combat the increasing instances of address poisoning scams, which deceive investors into sending funds to fraudulent addresses.
The security team at the world’s largest cryptocurrency exchange created an algorithm capable of detecting millions of poisoned crypto addresses. According to a report shared with Cointelegraph:
“We have developed a unique method of identifying poisoned addresses, which helps us to alert users before they send money to criminals and was instrumental in identifying and flagging more than 13.4 million spoofed addresses on BNB Smart Chain and 1.68 million on Ethereum.”
Understanding Address Poisoning
Address poisoning, also known as address spoofing, is a deceptive technique where scammers send a small amount of digital assets to a wallet closely resembling the victim’s address. This action aims to include the fraudulent address in the wallet’s transaction history, increasing the likelihood of the victim mistakenly sending funds to it.
Binance’s algorithm detects spoofed addresses by analyzing suspicious transfers, such as those with near-zero value or unknown tokens. It then matches them with potential victim addresses and timestamps malicious transactions to pinpoint the potential point of poisoning.
Collaboration with HashDit
The spoofed addresses are cataloged in the database of Web3 security firm HashDit, Binance’s security partner. This collaboration aims to safeguard the broader crypto industry from poisoning scams, as mentioned in Binance’s report:
“Many cryptocurrency service providers use HashDit’s API to boost their defenses against a variety of scams. One of them, for example, is Trust Wallet, which uses the database of poisoned addresses to alert users when they are about to transfer funds to a spoofed recipient.”
The algorithm will also assist in identifying spoofed addresses across HashDit’s user-facing products, web browser extensions, and MetaMask Snaps.
Address Poisoning Concerns Following $68 Million Scam
The urgency for a preventive algorithm became evident after an unknown trader fell victim to a $68 million address poisoning scam. On May 3, they inadvertently sent $68 million worth of Wrapped Bitcoin (wBTC) in a single transaction to a spoofed address.
Fortunately, the thief returned the $68 million on May 13, amidst public scrutiny from on-chain investigators. This suggests that the scammer was not acting in the interest of ethical hacking but rather out of fear of exposure.
Address poisoning scams may appear avoidable, but many traders only verify the first and last digits of a wallet’s 42 alphanumeric characters, as most protocols display only these digits.
Furthermore, scammers exploit vanity address generators to customize addresses, making them appear less random or more similar to legitimate addresses, according to Binance:
“An authentic Ethereum address like 0x19x30f…62657 could be spoofed using a similar-looking 0x19x30t…72657, which can be totally different in the middle while maintaining the first and last few characters.”