Binance’s security experts have developed an algorithm to counteract the rising instances of address poisoning scams, where investors are tricked into sending funds to fraudulent addresses.
Address poisoning, also known as address spoofing, involves scammers sending a small amount of digital assets to a wallet that closely resembles the potential victim’s address. This action embeds the fraudulent address into the wallet’s transaction history, increasing the likelihood that the victim will mistakenly send funds to the scammer’s address.
Binance Algorithm Identifies Millions of Spoofed Addresses
The algorithm created by Binance’s security team, as detailed in a report shared in an interview, has been instrumental in identifying and flagging millions of spoofed addresses. Specifically, it has identified over 13.4 million spoofed addresses on the BNB Smart Chain and 1.68 million on Ethereum. The algorithm works by detecting suspicious transfers, such as those with minimal value or unknown tokens, pairing them with potential victim addresses, and timestamping malicious transactions to pinpoint the potential point of poisoning.
These spoofed addresses are then registered in the database of HashDit, a Web3 security firm partnered with Binance. This partnership aims to protect the wider cryptocurrency industry from address poisoning scams.
HashDit’s API is widely used by cryptocurrency service providers, including Trust Wallet, which leverages the database of poisoned addresses to alert users when they are about to transfer funds to a spoofed recipient. Additionally, the algorithm helps flag spoofed addresses on HashDit’s user-facing products, such as web browser extensions and MetaMask Snaps.
The Binance Antidote: Protecting Users From Address Poisoning Attacks https://t.co/azzg8zX47a
— Fabien Petit (@FabienPetit71) May 16, 2024
High-Profile Scam Highlights Urgent Need for Solutions
The urgency for such a preventive measure became evident following a significant incident two weeks ago. An unknown trader lost $68 million worth of Wrapped Bitcoin (WBTC) in a single address-poisoning scam. The theft was first identified by on-chain security firm Cyvers, which reported on May 3 that a victim, known as wallet “0x1E,” had lost over 97% of its total assets, valued at over $67.8 million.
In a surprising turn of events, the thief returned $71 million worth of Ether tokens on May 12 after the high-profile phishing incident drew the attention of multiple blockchain investigation firms. Lookonchain, an on-chain security firm, provided further details in a May 13 report, explaining that the attacker had returned all the funds after a report by SlowMist Team tracked multiple IP addresses possibly originating from Hong Kong, although the use of VPNs had not been ruled out.
Despite the return of the stolen funds, the on-chain transactions leading up to this event suggest that the exploiter had no initial intention of returning them. After receiving the stolen WBTC, the attacker swiftly converted the 1,155 WBTC to approximately 23,000 ETH, a common tactic among hackers to launder stolen funds through privacy protocols and crypto mixing services like Tornado Cash.
By May 8, the attacker had distributed the funds across over 400 crypto wallets, ultimately dispersing them into more than 150 separate wallets before returning the assets. This move was likely a reaction to the potential consequences outlined in SlowMist’s analysis.
Challenges in Identifying and Preventing Address Poisoning
Address poisoning scams, though seemingly straightforward to avoid, exploit the common practice among traders of verifying only the first and last digits of a wallet’s 42 alphanumeric characters, as most protocols display only these digits.
This vulnerability is further exacerbated by scammers who use vanity address generators to create addresses that appear less random and more similar to legitimate ones. For instance, an authentic Ethereum address like 0x19x30f…62657 could be spoofed with a similar-looking address such as 0x19x30t…72657, which is different in the middle while maintaining the same initial and final characters.
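The detection steps described earlier (flag minimal-value or unknown-token transfers, pair them with the address they imitate, timestamp the point of poisoning) can be combined with the first-and-last-character comparison above. The following is an added sketch, not Binance's or HashDit's code. The dust threshold, token allow-list, four-character comparison window and every address are constructed assumptions.

```python
from dataclasses import dataclass

DUST = 10**12                        # assumed "minimal value" threshold (smallest unit)
KNOWN_TOKENS = {"ETH", "WBTC"}       # assumed allow-list; anything else is "unknown"
EDGE = 4                             # assumed number of hex chars shown at each end

@dataclass
class Transfer:
    ts: int
    sender: str
    recipient: str
    token: str
    value: int

def edges(addr):
    """First and last EDGE hex characters, the part a truncated display shows."""
    body = addr.lower()[2:]          # drop the 0x prefix
    return body[:EDGE], body[-EDGE:]

def find_poisoning(wallet, history):
    wallet, trusted, findings = wallet.lower(), {}, []
    for t in sorted(history, key=lambda t: t.ts):
        sender, recipient = t.sender.lower(), t.recipient.lower()
        if sender == wallet:
            # Outgoing payment: remember the first counterparty seen per edge pair.
            trusted.setdefault(edges(recipient), recipient)
        elif recipient == wallet and (t.value <= DUST or t.token not in KNOWN_TOKENS):
            # Suspicious inbound transfer: does the sender imitate a counterparty?
            genuine = trusted.get(edges(sender))
            if genuine and genuine != sender:
                findings.append({"spoofed": sender, "imitates": genuine,
                                 "victim": wallet, "poisoned_at": t.ts})
    return findings

# Constructed sample data: none of these are real addresses or transactions.
WALLET = "0x" + "a1" * 20
GENUINE = "0x19a3" + "b" * 32 + "2657"
SPOOF = "0x19a3" + "c" * 32 + "2657"
OTHER = "0x" + "d4" * 20
HISTORY = [
    Transfer(1000, WALLET, GENUINE, "WBTC", 5 * 10**8),   # real payment
    Transfer(2000, OTHER, WALLET, "ETH", 10**18),         # ordinary deposit
    Transfer(3000, SPOOF, WALLET, "ETH", 0),              # zero-value lookalike
    Transfer(3500, OTHER, WALLET, "FAKEUSD", 10**20),     # unknown token, no lookalike
    Transfer(4000, GENUINE, WALLET, "ETH", 0),            # dust from the real address
]

if __name__ == "__main__":
    for f in find_poisoning(WALLET, HISTORY):
        print(f)
```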
Binance’s new algorithm and the partnership with HashDit represent a significant step forward in protecting cryptocurrency users from address poisoning scams. By identifying and flagging millions of spoofed addresses, Binance is working to ensure that users are alerted before they unwittingly send money to criminals, thereby safeguarding the integrity of the cryptocurrency ecosystem.