Scam Alert: Metamask Warns of New Exploit, Here's What It's All About

Decentralized noncustodial wallet Metamask has sounded the alarm over a new scam that is now being used to drain users of their assets. Christened the "Address Poisoning" scam, this new fraud model relies on scammers deceiving users with respect to the wallet addresses they send money to.

The scam is different from any ever recorded by the wallet, and for it to work unimpeded, the fraudster uses some advanced software to monitor your transactions and generate a "vanity" address that looks just like yours. Then, he sends a negligible amount of money to his address, which has the same hexadecimal numbers at the start and end of the address.

By doing this, the hacker has already poisoned your address and hopes that when you copy the address from your transaction history to conduct a transaction next time, you will copy the hack address and send funds to it.

The address poisoning scam relies on the negligence of the user, and it thrives on the fact that crypto addresses are too long for users to memorize. The scam is new, and the addresses copied can be either for the sender or receiver of the real transaction.

Preventing address poisoning scam

The address poisoning scam is difficult to spot, and once the user mistakenly credits the hacker, it is impossible to reverse the transaction. According to Metamask, it is possible to prevent this new fraud strategy by carefully examining the middle part of an address before sending money to it.

Since the scam only thrives when users copy addresses from their transaction histories, the infrastructure service provider advised users to refrain from using this medium to gain access to the addresses they want to send funds to. The protocol reassured everyone that it is doing all it can to protect its users, considering the fact that it has been embroiled in a number of scams in the past.