Address Poisoning – Everything you need to know

Welcome to Hoken Tech

Address Poisoning is a type of cyber-attack in which attackers send a blockchain transaction to the victim's blockchain address to steal funds.

This attack is especially dangerous for those unfamiliar with the business because once the offending transaction is received, it cannot be removed and can be misused by the victim.

The attack works by sending a transaction that originates from an address very similar to a user's legitimate address, which can allow the attackers to receive the victim's funds. Users need to be aware of this attack and take necessary precautions to protect their funds and data.

As we have anticipated, this is a computer attack aimed at blockchain users, and this attack aims to create havoc in the victim's transactions as, especially for inattentive users, it can turn into a nightmare as they could inadvertently copy and use the address of the criminal.

If this attack occurs, the consequences are limited only as long as the blockchain address of the criminal is used, since, for example, if we need to receive cryptocurrencies at our address and we provide the criminal's address, then at that point, the cryptocurrencies will not end up in our blockchain address (or rather accounted for at our address) but will end up in the criminal's address, and we will have completely lost those funds.

Furthermore, we will not even be able to attribute the error to the sender of the funds as the sender will have executed and used the very address that you have provided him, and completed a confirmed transaction that can be viewed from any block explorer.

To better understand this type of attack and how to protect yourself, let's see together how criminals operate and what strategies they adopt to "track" us and exploit this type of attack, even if there are several techniques that can be implemented.

There are several ways to identify a victim for this type of attack, such as targeting the addresses of the exchanges and then creating an address similar to that of the exchange, meaning that if the victim misspells the relevant address, then the criminal over time will receive the various shipments, an attack which, as it is possible to imagine, becomes passive and can generate an income over time (this is why the various exchanges change the deposit addresses from time to time).

Or the criminals exploit onchain tracking systems with various tools, where it is possible to trace the movements of a specific account, to be alerted when a user carries out a transaction and automatically launch his transaction immediately after that of the victim.

Once we have identified a victim and recovered his public address, we just have to go and create a new address that resembles the address we want to attack, and this serves precisely to confuse the victim as blockchain addresses, being quite long , it is easy to read them wrong and therefore you take either some initial digits of the address or the last final digits, and then click on them and copy the relative address.

To create an address that looks like another, it is possible to do it with some tools that allow you to customize your address, processing several calculations to actually find the desired one or rather find the private key that opens that address, and to do this we simply need to exploit a generator of blockchain addresses which in jargon are called "vanity address generator".

Let's see a practical case by taking the well-known blockchain address of the Binance exchange on Polygon which is as follows:

At this point, all we have to do is use a program that allows you to generate vanity addresses such as this and then launch it and wait until the software finds the private key of that specific address, which in this case we have chosen to keep the last 7 digits identical to the Binance address:

A long and complex process the more identical numbers we have chosen, and just to get an idea of ​​the time needed, here is that to find the private key of that address similar to that of Binance, it takes just 1 month of work with an entry-level home PC, time that is drastically reduced by exploiting various cloud platforms to obtain more power:

If instead of 7 digits, we just want the last 5 digits equal to those of Binance, here in a couple of minutes the program finds the private key without problems:

Once we have found the address and the relative private key, it will be enough to import the private key into our wallet, and then wait for the right moment to send the transaction to the victim's address and wait for the victim to accidentally use that wrong address and receive the victim's funds to our address.

We remind you that no system can prevent other users from sending us a transaction to our address, but what we can do is pay attention to the address we are using when we have to use it to receive funds, and these are some tips to keep in mind before to copy and paste an address that only appears to be the same as ours:

We conclude with the video explanation of the CTO of Hoken Tech, Alfredo, where he illustrates the steps and how to protect yourself from this type of attack: