The Good Tech Companies - You Could Lose Your Crypto If You Copy-Paste Your Wallet Address—Here's What You Could Do Instead

Starting point is 00:00:00 This audio is presented by Hacker Noon, where anyone can learn anything about any technology. You could lose your crypto if you copy-paste your wallet address, here's what you could do instead, buy Obite. Crypto addresses aren't exactly the simplest thing to memorize. No one does, indeed. We often just copy and paste our crypto addresses to send and receive funds, and that's it. However, this tiny step of copy- pasting could turn out terribly wrong if you happen to copy an address that wasn't the one you intended to send funds to, but you got confused because it looked very, very similar and it was in your own wallet history. That's address poisoning.

Starting point is 00:00:36 This type of attack happens when cyber criminals create vanity addresses, which are crypto addresses with a customization degree. There are even free generators online. They make these new addresses look as similar as possible to the ones available in your public transaction history, Bitcoin, Ethereum, and Obyte A Republic networks, for instance, where anyone can consult most transactions using an explorer. The next step is sending meaningless amounts of funds to your wallet, effectively poisoning your transaction history. When you later copy-paste an address from your transaction history for sending funds, you might mistakenly select the attacker's similar-looking address, causing your coins to go to them instead. In most chains, crypto transactions are irreversible, so it's

Starting point is 00:01:20 unlikely that you ever recover your funds after this oversight. Behind the scenes, as described by Chainalysis, attackers running address poisoning campaigns often rally on ready-made tools sold on dark web marketplaces. These kits include software that creates thousands of wallet addresses mimicking real ones, automating the process of sending small, dust, transactions to victims. With beginner-friendly interfaces and detailed guides, even low-skilled scammers can launch large-scale campaigns. For example, a single campaign seeded over 82,000 fake Ethereum addresses in 2024, nearly 1% of all newly created addresses during that period,

Starting point is 00:01:59 targeting experienced crypto users with higher wallet balances. Nunn high-profile attack on May 3, 2024, targeted an unknown crypto whale, resulting in $68 million in wrapped Bitcoin, WBTC, being sent to an attacker-controlled wallet. The attacker exploited the victim's reliance on address prefixes, creating a look-alike address, similar enough to confuse the victim at the moment of sending funds. The stolen funds, briefly valued at $71 million due to market changes, were partially returned after a series of phone chain messages from the victim, including a veiled threat. The attacker kept $3 million in profits after routing transactions

Starting point is 00:02:39 through multiple intermediary wallets. Despite a low success rate per malicious address, only 0.03% received over $100, the campaign's scale and targeting of high-value victims resulted in substantial profits. For instance, the $3 million retained by the scammer above yielded a remarkable ROI of over 1,147%. The stolen funds were primarily laundered through DeFi protocols and a centralized exchange, CEX, in Eastern Europe. This campaign exemplifies how address poisoning can combine low effort with high potential rewards, making it a persistent threat in the crypto space. Preventive measures or avoid addresses. Protecting yourself from address poisoning starts with meticulous attention to detail. Always double-check every character in a wallet address before initiating a transaction.

Starting point is 00:03:29 Scammers rely on the fact that similar-looking addresses can easily confuse users. Rather than relying on transaction history, copy addresses directly from trusted sources, such as saved contacts, directly from your exchange, or from verified messages. Some wallets even allow you to save legitimate addresses as contacts, directly from your exchange, or from verified messages. Some wallets even allow you to save legitimate addresses as contacts, making future transactions faster and safer. Test transactions are another helpful safeguard. Sending a small, symbolic amount first ensures the address is correct before transferring large sums. Just make sure to copy the correct one the second time. Incorporating secure practices into your crypto routine is essential,

Starting point is 00:04:07 but you can also simplify your crypto experience by using systems that minimize reliance on wallet addresses. For example, Obite allows you to send funds through text coins, simple, shareable codes that can be sent via email, chat, or even printed. These codes, 12 random words, make transferring funds intuitive and address-free, with clear instructions for claiming them, whether you're the sender or the receiver. This approach eliminates the risk of address confusion entirely. Besides, Obite also lets you link your wallet to your email, a new username, or a GitHub profile through its attestation system. Once verified, you can use these identifiers,

Starting point is 00:04:45 such as at username, github, username, or just email address, instead of cryptic addresses, making transactions not only safer but also far more user-friendly. Featured vector image by Freepik Thank you for listening to this HackerNoon story, read by Artificial Intelligence. Visit HackerNoon.com to read, write, learn and publish.

The Good Tech Companies - You Could Lose Your Crypto If You Copy-Paste Your Wallet Address—Here's What You Could Do Instead

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.