Main navigation

Scam Alert: Metamask Warns of New Exploit, Here's What It's All About

Thu, 01/12/2023 - 08:40
article image
Godfrey Benjamin
Metamask has shared details of new scam called "Address Poisoning"
Scam Alert: Metamask Warns of New Exploit, Here's What It's All About
Cover image via

Disclaimer: The opinion expressed here is not investment advice – it is provided for informational purposes only. It does not necessarily reflect the opinion of U.Today. Every investment and all trading involves risk, so you should always perform your own research prior to making decisions. We do not recommend investing money you cannot afford to lose.

Read U.TODAY on
Google News

Decentralized noncustodial wallet Metamask has sounded the alarm over a new scam that is now being used to drain users of their assets. Christened the "Address Poisoning" scam, this new fraud model relies on scammers deceiving users with respect to the wallet addresses they send money to.

The scam is different from any ever recorded by the wallet, and for it to work unimpeded, the fraudster uses some advanced software to monitor your transactions and generate a "vanity" address that looks just like yours. Then, he sends a negligible amount of money to his address, which has the same hexadecimal numbers at the start and end of the address.

By doing this, the hacker has already poisoned your address and hopes that when you copy the address from your transaction history to conduct a transaction next time, you will copy the hack address and send funds to it.

The address poisoning scam relies on the negligence of the user, and it thrives on the fact that crypto addresses are too long for users to memorize. The scam is new, and the addresses copied can be either for the sender or receiver of the real transaction.

Preventing address poisoning scam

The address poisoning scam is difficult to spot, and once the user mistakenly credits the hacker, it is impossible to reverse the transaction. According to Metamask, it is possible to prevent this new fraud strategy by carefully examining the middle part of an address before sending money to it.

Since the scam only thrives when users copy addresses from their transaction histories, the infrastructure service provider advised users to refrain from using this medium to gain access to the addresses they want to send funds to. The protocol reassured everyone that it is doing all it can to protect its users, considering the fact that it has been embroiled in a number of scams in the past.

article image
About the author

Godfrey Benjamin is an experienced crypto journalist whose main goal is to educate everyone around him about the prospects of Web 3.0. His love for crypto was birthed when, as a former banker, he discovered the obvious advantages of decentralized money over traditional payments. With his vast experience covering various aspects of Web3, Godfrey's articles has been featured on, Cryptonews and Coingape, among others.