Address poisoning attack

2022-12-10
Mirsad

In this scenario, the attacker creates a vanity address that is similar to the victim's address in order to trick them into sending funds to the wrong account. The attacker sends small amounts of cryptocurrency, such as USDT, to the victim's address in order to lure them into checking their balance on a block explorer. When the victim checks their balance, they may be tempted to copy and paste the address of the historical transaction, but they may accidentally copy the attacker's address instead. If the victim then sends funds to the attacker's address, they will inadvertently transfer their funds to the wrong account. This type of attack relies on the victim's carelessness and can be difficult to defend against.

A vanity address is a cryptocurrency address that has been customized to include a specific word or phrase, for example a person's name, a company name, or a message of their choice. Vanity addresses are typically created using special tools that allow the user to generate an address with a specific pattern of characters. These addresses are not inherently more secure than regular addresses, but they can be more memorable and can be used to create a personal brand or identity within the cryptocurrency community.

While seemingly simple and similar to the dusting attack, this is a completely new technique that is closer to social engineering, vanity-address attacks and phishing!

Analysis:

Attack vector

Users who encounter this situation do not need to be scared: everyone's assets are safe and the private key is not leaked or compromised. You just need to carefully confirm the address and not transfer to the wrong address.

Always double-check the full address before sending crypto assets.

In this attack, the hacker monitors the transfer information of several stablecoins on the blockchain and captures the information related to transactions that a victim (A) typically sends to another user (B). The hacker then creates a new address (C) that has the same first and last digits as B's address, and uses this address to send small amounts of stablecoin to A. The goal is to trick A into copying the wrong address and sending funds to C by mistake. This attack is similar to a dusting attack, but it is more focused on social engineering and phishing. It is important for users to carefully confirm the addresses of their transactions in order to avoid falling victim to this type of attack.

Here is an example of a legitimate ETH address:

0xe096886ef8f595a26f2a00314e11149d619d9734

This one is a vanity address, which can be confused with the real one:

0x3923e0289Ed93eD6Bfcea1a1F72e392Cd1Ad9734

Here is one way of creating vanity addresses with desired prefix and suffix.

Before you send any assets to another crypto address, make sure to whitelist that address and double-check the full address (not only the last digits)!
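The whitelist check described above can be automated on the sending side. The following is an added example, not code from the original post: it compares a recipient against an address book on the full address and flags anything that only shares leading or trailing characters with a known entry. The address book label, the function names and the 4-character threshold are assumptions made for illustration.

```python
from __future__ import annotations
import re

# Constructed address book; the entry is the post's legitimate example address.
ALLOWLIST = {"exchange-deposit": "0xe096886ef8f595a26f2a00314e11149d619d9734"}

_ADDR_RE = re.compile(r"0x[0-9a-f]{40}")

def normalize(addr: str) -> str:
    """Lower-case an address and require the 20-byte hex form."""
    a = addr.strip().lower()
    if not _ADDR_RE.fullmatch(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def _common_prefix_len(x: str, y: str) -> int:
    n = 0
    for p, q in zip(x, y):
        if p != q:
            break
        n += 1
    return n

def shared_affix(a: str, b: str) -> tuple[int, int]:
    """Return (matching leading, matching trailing) hex chars after '0x'."""
    x, y = normalize(a)[2:], normalize(b)[2:]
    return _common_prefix_len(x, y), _common_prefix_len(x[::-1], y[::-1])

def check_recipient(addr: str, allowlist: dict[str, str] = ALLOWLIST,
                    threshold: int = 4) -> tuple[str, str | None]:
    """Classify addr as 'allowlisted', 'lookalike' or 'unknown'.

    'lookalike' means the address is NOT in the address book but shares at
    least `threshold` leading or trailing characters with an entry, which is
    what a truncated display such as 0xe096...9734 would hide.
    """
    cand = normalize(addr)
    for label, known in allowlist.items():
        if cand == normalize(known):  # full-address comparison only
            return "allowlisted", label
    for label, known in allowlist.items():
        pre, suf = shared_affix(cand, known)
        if pre >= threshold or suf >= threshold:
            return "lookalike", label
    return "unknown", None

if __name__ == "__main__":
    for a in (ALLOWLIST["exchange-deposit"],
              "0x3923e0289Ed93eD6Bfcea1a1F72e392Cd1Ad9734"):  # post's vanity example
        print(a, check_recipient(a))
```

A wallet or payout script can refuse to sign when the result is `lookalike` and require manual confirmation of the full address when it is `unknown`.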

Join our team

If you're interested in joining our team to assist in researching modern threats across web3, please don't hesitate to reach out to us.

ALVOSEC