cryptoattack
閲覧回数 5,056
9人が討論中
注目
最新
翻訳参照
How Do Crypto Address Poisoning Attacks Work?
Blockchain address poisoning is a scam in the crypto world where attackers take advantage of the similarity between wallet addresses to trick users into sending money to the wrong wallets.Scammers create wallet addresses resembling those a user often interacts with and “pollute” their transaction history by sending small transactions from these fraudulent addresses.The irreversible nature of blockchain transactions increases the risk and impact of these address poisoning scams.Mitigation requires improvements at the protocol, wallet, and user education levels, along with blockchain analysis and real-time monitoring.
Introduction
With the rise of blockchain technology and cryptocurrencies, cybercriminals have also developed more clever ways to exploit users. One increasingly common and troubling tactic is called blockchain address poisoning. This scam tricks users into sending funds to wallet addresses that look very similar to ones they usually use. Unfortunately, because blockchain transactions are final and can’t be undone, users who make this mistake can suffer huge losses.
In this article, we explore how blockchain address poisoning attacks work, the techniques scammers use, real-world examples illustrating their impact, and strategies for prevention.
What Are Address Poisoning Attacks in Crypto?
This scam happens when fraudsters create wallet addresses that closely mimic the legitimate ones a user frequently transacts with. They then send small, seemingly harmless transactions from these “lookalike” addresses to the victim’s wallet. This action fills the victim’s recent transaction list or address book with “fake” addresses, increasing the chance they will accidentally pick a malicious address for their next transaction.
Blockchain wallet addresses are long strings of hexadecimal characters, which are hard to remember. Because of this, users often copy and paste addresses or select from recent addresses shown in their wallets, creating an opening for scammers to slip in malicious addresses that may appear familiar.
How do attackers generate similar addresses?
Scammers use computer programs to generate many wallet addresses repeatedly until they find ones that match the beginning and end characters of their target’s regular address. Wallet apps usually only display a few characters at the start and finish of addresses, so these similarities fool users into thinking the lookalike address is genuine.
Steps of a typical address poisoning attack
Study the victim: The scammer reviews the victim’s transaction patterns to learn which wallet addresses they frequently use.Generate fake addresses: Using automated tools, the attacker creates similar addresses that look like the ones used by the victims.Poison transaction history: They send tiny payments from these fake addresses to the victim’s wallet, embedding them in their address history.Catch the victim: Later, when the victim sends crypto and picks an address from their recent activity, they may pick the wrong one by accident, sending funds to the scammer.
Real-World Example: The 2024 Crypto Whale Attack
One high-profile case from May 2024 involved a crypto whale who mistakenly sent nearly $68 million in wrapped bitcoin (WBTC) to a scammer’s Ethereum address. The attacker spoofed the first six characters of the victim’s legitimate address to create a convincing fake. After receiving the funds, the scammer moved the assets through multiple crypto wallets.
Following negotiations, the scammer returned the original $68 million several days later but kept approximately $3 million profit due to price appreciation. The campaign behind this attack involved tens of thousands of fake addresses and targeted mostly experienced users with large wallet balances, highlighting the sophistication and scale these scams can reach.
Who Are the Victims?
The victims are usually active crypto users who hold larger amounts of cryptocurrency than typical users.Although most fake addresses don’t successfully deceive users, the overall amount stolen can reach hundreds of millions.Many victims reduce risk by performing small “test” transfers before sending large sums.
How to Prevent Address Poisoning Attacks
Improvements at the protocol level
Human-friendly addresses: Systems like Blockchain Domain Name System (BNS) and Ethereum Name Service (ENS) allow easier-to-remember names instead of long hexadecimal strings, which can help reduce errors.Higher costs for address creation: Introducing measures that slow down address creation or use larger character sets can potentially make generating fake addresses more difficult and costly.
Wallet and interface upgrades
Better address visibility: Wallets could show longer parts of addresses or alert users when sending to addresses similar to known fake ones.Blocking suspicious transfers: Wallets and blockchain explorers might hide or flag suspicious zero-value and counterfeit token transfers used in these scams.
User awareness and best practices
Test before sending: Always make small test transfers before sending large amounts.Keep trusted address lists: Use personal allowlists to avoid accidentally selecting fraudulent addresses.Use security tools: Consider using extensions or apps that detect phishing and address poisoning attempts.
Real-time blockchain monitoring
Real-time tools can spot unusual patterns linked to address poisoning and alert users, exchanges, or security teams to stop scams before they cause significant damage.
Closing Thoughts
Blockchain address poisoning is a growing and costly scam that takes advantage of complex wallet addresses and user convenience. Because crypto transactions cannot be undone, even small mistakes can mean serious losses.
Preventing these scams requires a team effort involving better blockchain protocols, smarter wallet designs, educated users, and advanced monitoring systems. By understanding how these attacks happen and following safety practices, the crypto community can reduce risk and stay more secure.
Further Reading
What Are Multisig Scams and How to Avoid Them? 5 Tips to Secure Your Cryptocurrency HoldingsWhat Is Wrapped Bitcoin (WBTC)?
Disclaimer: This content is presented to you on an “as is” basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial, legal or other professional advice, nor is it intended to recommend the purchase of any specific product or service. You should seek your own advice from appropriate professional advisors. Products mentioned in this article may not be available in your region. Where the article is contributed by a third party contributor, please note that those views expressed belong to the third party contributor, and do not necessarily reflect those of Binance Academy. Please read our full disclaimer for further details. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance Academy is not liable for any losses you may incur. This material should not be construed as financial, legal or other professional advice. For more information, see our Terms of Use and Risk Warning.
$BTC
$ETH
#CryptoAttack
Introduction
With the rise of blockchain technology and cryptocurrencies, cybercriminals have also developed more clever ways to exploit users. One increasingly common and troubling tactic is called blockchain address poisoning. This scam tricks users into sending funds to wallet addresses that look very similar to ones they usually use. Unfortunately, because blockchain transactions are final and can’t be undone, users who make this mistake can suffer huge losses.
In this article, we explore how blockchain address poisoning attacks work, the techniques scammers use, real-world examples illustrating their impact, and strategies for prevention.
What Are Address Poisoning Attacks in Crypto?
This scam happens when fraudsters create wallet addresses that closely mimic the legitimate ones a user frequently transacts with. They then send small, seemingly harmless transactions from these “lookalike” addresses to the victim’s wallet. This action fills the victim’s recent transaction list or address book with “fake” addresses, increasing the chance they will accidentally pick a malicious address for their next transaction.
Blockchain wallet addresses are long strings of hexadecimal characters, which are hard to remember. Because of this, users often copy and paste addresses or select from recent addresses shown in their wallets, creating an opening for scammers to slip in malicious addresses that may appear familiar.
How do attackers generate similar addresses?
Scammers use computer programs to generate many wallet addresses repeatedly until they find ones that match the beginning and end characters of their target’s regular address. Wallet apps usually only display a few characters at the start and finish of addresses, so these similarities fool users into thinking the lookalike address is genuine.
Steps of a typical address poisoning attack
Study the victim: The scammer reviews the victim’s transaction patterns to learn which wallet addresses they frequently use.Generate fake addresses: Using automated tools, the attacker creates similar addresses that look like the ones used by the victims.Poison transaction history: They send tiny payments from these fake addresses to the victim’s wallet, embedding them in their address history.Catch the victim: Later, when the victim sends crypto and picks an address from their recent activity, they may pick the wrong one by accident, sending funds to the scammer.
Real-World Example: The 2024 Crypto Whale Attack
One high-profile case from May 2024 involved a crypto whale who mistakenly sent nearly $68 million in wrapped bitcoin (WBTC) to a scammer’s Ethereum address. The attacker spoofed the first six characters of the victim’s legitimate address to create a convincing fake. After receiving the funds, the scammer moved the assets through multiple crypto wallets.
Following negotiations, the scammer returned the original $68 million several days later but kept approximately $3 million profit due to price appreciation. The campaign behind this attack involved tens of thousands of fake addresses and targeted mostly experienced users with large wallet balances, highlighting the sophistication and scale these scams can reach.
Who Are the Victims?
The victims are usually active crypto users who hold larger amounts of cryptocurrency than typical users.Although most fake addresses don’t successfully deceive users, the overall amount stolen can reach hundreds of millions.Many victims reduce risk by performing small “test” transfers before sending large sums.
How to Prevent Address Poisoning Attacks
Improvements at the protocol level
Human-friendly addresses: Systems like Blockchain Domain Name System (BNS) and Ethereum Name Service (ENS) allow easier-to-remember names instead of long hexadecimal strings, which can help reduce errors.Higher costs for address creation: Introducing measures that slow down address creation or use larger character sets can potentially make generating fake addresses more difficult and costly.
Wallet and interface upgrades
Better address visibility: Wallets could show longer parts of addresses or alert users when sending to addresses similar to known fake ones.Blocking suspicious transfers: Wallets and blockchain explorers might hide or flag suspicious zero-value and counterfeit token transfers used in these scams.
User awareness and best practices
Test before sending: Always make small test transfers before sending large amounts.Keep trusted address lists: Use personal allowlists to avoid accidentally selecting fraudulent addresses.Use security tools: Consider using extensions or apps that detect phishing and address poisoning attempts.
Real-time blockchain monitoring
Real-time tools can spot unusual patterns linked to address poisoning and alert users, exchanges, or security teams to stop scams before they cause significant damage.
Closing Thoughts
Blockchain address poisoning is a growing and costly scam that takes advantage of complex wallet addresses and user convenience. Because crypto transactions cannot be undone, even small mistakes can mean serious losses.
Preventing these scams requires a team effort involving better blockchain protocols, smarter wallet designs, educated users, and advanced monitoring systems. By understanding how these attacks happen and following safety practices, the crypto community can reduce risk and stay more secure.
Further Reading
What Are Multisig Scams and How to Avoid Them? 5 Tips to Secure Your Cryptocurrency HoldingsWhat Is Wrapped Bitcoin (WBTC)?
Disclaimer: This content is presented to you on an “as is” basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial, legal or other professional advice, nor is it intended to recommend the purchase of any specific product or service. You should seek your own advice from appropriate professional advisors. Products mentioned in this article may not be available in your region. Where the article is contributed by a third party contributor, please note that those views expressed belong to the third party contributor, and do not necessarily reflect those of Binance Academy. Please read our full disclaimer for further details. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance Academy is not liable for any losses you may incur. This material should not be construed as financial, legal or other professional advice. For more information, see our Terms of Use and Risk Warning.
$BTC
$ETH
#CryptoAttack
ノビテックス(2024年6月) – 9000万ドルの盗難
イランのノビテックス(国最大の取引所)が約9000万ドルの被害を受けました。このハッキングはフィッシングとサーバーの脆弱性を組み合わせ、資金をミキサーを通じて送金した可能性があります。地政学的なひねりが生じ、国家が支援する指摘がありました。この攻撃はイランの制裁に制約された暗号市場を揺るがしました。 🛡️🌐
#Nobitex #CryptoAttack #iran
$BTC
$ETH
$BNB
#Nobitex #CryptoAttack #iran
$BTC
$ETH
$BNB
セキュリティ上の懸念が浮上: TELEBTC の逸脱により TeleportDAO への攻撃の疑いが浮上
0xScope の研究者 Bobie による最近の暴露では、クロスチェーン Ordinals 市場 TeleportDAO の潜在的なセキュリティに関する懸念が提起されています。観察によると、プロトコルへの攻撃の可能性があることが示されており、ビットコインにペッグされたトークン TELEBTC の価格がビットコインの実際の価値から大幅に乖離しています。
研究者が異常を報告:
0xScope に所属する研究者 Bobie 氏は、TeleportDAO エコシステム内の異常に注目した。さまざまなブロックチェーン ネットワークの統合で知られるクロスチェーン Ordinals 市場は、プロトコルのビットコイン連動トークンである TELEBTC の価格の変動が確認されたため、精査されている。
研究者が異常を報告:
0xScope に所属する研究者 Bobie 氏は、TeleportDAO エコシステム内の異常に注目した。さまざまなブロックチェーン ネットワークの統合で知られるクロスチェーン Ordinals 市場は、プロトコルのビットコイン連動トークンである TELEBTC の価格の変動が確認されたため、精査されている。
🚨🚨 #CryptoAttack 💥🤯 𝗛𝗶𝗱𝗱𝗲𝗻 𝗦𝘁𝗼𝗿𝘆 𝗕𝗲𝗵𝗶𝗻𝗱 𝘁𝗵𝗲 $BTC 📉 #DUMPED!!! 💲💲
🗞️ 最近の大規模なBTCの暴落は、いくつかの主要な米国の銀行と𝗝𝗣 𝗠𝗼𝗿𝗴𝗮𝗻機関によって orchestratedされたという噂が広まっています。🏦 彼らの主な目標は、𝗖𝗿𝗮𝘀𝗵 $BITCOIN であったようです。
🖋️ その機関は最初にBTCスポットを購入し、AIバブルのナラティブが始まる前から、数十億ドルを投じて𝗠𝗶𝗰𝗿𝗼𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆 (𝗠𝗦𝗧𝗥) 𝗦𝘁𝗼𝗰𝗸𝘀をショートし始めたとされています。📉 これに続いて、彼らはBTCについてのさまざまな𝗻𝗲𝗴𝗮𝘁𝗶𝘃𝗲 𝗡𝗘𝗪𝗦のストーリーを流し、人々に売却を促しました。
🤔 伝統的な銀行と金融機関がビットコインに根本的に反対していることは明らかです。この啓示は、アメリカのビットコイン支持者の間で大規模な𝗪𝗶𝘁𝗵𝗱𝗿𝗮𝘄𝗮𝗹 𝗪𝗮𝘃𝗲 🌊を引き起こし、皆に𝗝𝗣 𝗠𝗼𝗿𝗴𝗮𝗻銀行から資金を引き出すよう促しています。
⚠️ もしBTCが$120Kのレベルに上昇した場合、𝗠𝗶𝗰𝗿𝗼𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆 𝗦𝘁𝗼𝗰𝗸は約60%も急騰する可能性があり、これによりJP Morganのショートポジションの𝗟𝗶𝗾𝘂𝗶𝗱𝗮𝘁𝗶𝗼𝗻 💥のリスクも生じるでしょう。💔
💥 この最近のダンプは、暗号市場に対する𝗣𝗹𝗮𝗻𝗻𝗲𝗱 𝗔𝘁𝘁𝗮𝗰𝗸 ⚠️として説明されています。この情報はX(Twitter)で広く流通しており、さらに調査することをお勧めします。
📌 "あなたはこれについてどう思いますか? 🤔 コメントを下に共有してください。" 👇
#JPMorgan #MicroStrategy #FinancialNews
🗞️ 最近の大規模なBTCの暴落は、いくつかの主要な米国の銀行と𝗝𝗣 𝗠𝗼𝗿𝗴𝗮𝗻機関によって orchestratedされたという噂が広まっています。🏦 彼らの主な目標は、𝗖𝗿𝗮𝘀𝗵 $BITCOIN であったようです。
🖋️ その機関は最初にBTCスポットを購入し、AIバブルのナラティブが始まる前から、数十億ドルを投じて𝗠𝗶𝗰𝗿𝗼𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆 (𝗠𝗦𝗧𝗥) 𝗦𝘁𝗼𝗰𝗸𝘀をショートし始めたとされています。📉 これに続いて、彼らはBTCについてのさまざまな𝗻𝗲𝗴𝗮𝘁𝗶𝘃𝗲 𝗡𝗘𝗪𝗦のストーリーを流し、人々に売却を促しました。
🤔 伝統的な銀行と金融機関がビットコインに根本的に反対していることは明らかです。この啓示は、アメリカのビットコイン支持者の間で大規模な𝗪𝗶𝘁𝗵𝗱𝗿𝗮𝘄𝗮𝗹 𝗪𝗮𝘃𝗲 🌊を引き起こし、皆に𝗝𝗣 𝗠𝗼𝗿𝗴𝗮𝗻銀行から資金を引き出すよう促しています。
⚠️ もしBTCが$120Kのレベルに上昇した場合、𝗠𝗶𝗰𝗿𝗼𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆 𝗦𝘁𝗼𝗰𝗸は約60%も急騰する可能性があり、これによりJP Morganのショートポジションの𝗟𝗶𝗾𝘂𝗶𝗱𝗮𝘁𝗶𝗼𝗻 💥のリスクも生じるでしょう。💔
💥 この最近のダンプは、暗号市場に対する𝗣𝗹𝗮𝗻𝗻𝗲𝗱 𝗔𝘁𝘁𝗮𝗰𝗸 ⚠️として説明されています。この情報はX(Twitter)で広く流通しており、さらに調査することをお勧めします。
📌 "あなたはこれについてどう思いますか? 🤔 コメントを下に共有してください。" 👇
#JPMorgan #MicroStrategy #FinancialNews
セキュリティアラート!
CryptoPotato によると、最近、ある個人が暗号通貨フィッシング攻撃の被害に遭い、aEthWETH と aEthUNI の 420 万ドル相当の莫大な金額を失いました。😱
Web3 セキュリティ会社 Scam Sniffer は、攻撃者が偽の ERC-20 許可署名を使用して複数のトランザクションの承認を操作したことを明らかにしました。
被害者は無意識のうちにトランザクションにサインオフしたため、攻撃者は実行前に資金を不正なアドレスにリダイレクトできました。🕵️♂️
この高度な攻撃は、プラットフォーム間でスクリプト言語のオペレーションコードを悪用する悪意のあるソフトウェアである Opcode マルウェアを活用しました。
このタイプのマルウェアは、資金の経路を変更したり、不正な支出を承認したり、スマート コントラクト内の資産を固定化したりすることができ、従来のセキュリティ対策をすべて回避できます。
専門家は、Opcode マルウェアがオペレーティング システムやその他のソフトウェアの弱点を悪用して、被害者の CPU、メモリ、システム リソースを制御できると警告しています。
フィッシング行為が増加しており、詐欺師は高度な戦術を使ってセキュリティ対策を回避しています。
市場に多大な影響を与える資産を保有する仮想通貨の大口投資家でさえ、詐欺師の被害に遭い、数百万ドルを失っています。
警戒を怠らないでください
#cryptoattack #Write2Earn #ETH
CryptoPotato によると、最近、ある個人が暗号通貨フィッシング攻撃の被害に遭い、aEthWETH と aEthUNI の 420 万ドル相当の莫大な金額を失いました。😱
Web3 セキュリティ会社 Scam Sniffer は、攻撃者が偽の ERC-20 許可署名を使用して複数のトランザクションの承認を操作したことを明らかにしました。
被害者は無意識のうちにトランザクションにサインオフしたため、攻撃者は実行前に資金を不正なアドレスにリダイレクトできました。🕵️♂️
この高度な攻撃は、プラットフォーム間でスクリプト言語のオペレーションコードを悪用する悪意のあるソフトウェアである Opcode マルウェアを活用しました。
このタイプのマルウェアは、資金の経路を変更したり、不正な支出を承認したり、スマート コントラクト内の資産を固定化したりすることができ、従来のセキュリティ対策をすべて回避できます。
専門家は、Opcode マルウェアがオペレーティング システムやその他のソフトウェアの弱点を悪用して、被害者の CPU、メモリ、システム リソースを制御できると警告しています。
フィッシング行為が増加しており、詐欺師は高度な戦術を使ってセキュリティ対策を回避しています。
市場に多大な影響を与える資産を保有する仮想通貨の大口投資家でさえ、詐欺師の被害に遭い、数百万ドルを失っています。
警戒を怠らないでください
#cryptoattack #Write2Earn #ETH
さらにコンテンツを探すには、ログインしてください