Binance develops algorithm to combat address poisoning scams

Share this article

URL Copied

Blockchain security researchers from Binance have developed an algorithm that could detect poisoned crypto addresses on both the BNB Smart Chain and Ethereum networks.

Address poisoning is a type of scamming method in the crypto space where threat actors send small amounts of crypto from and address that resembles a victim’s address. The purpose of such an attach is to mislead the targeted user to mistakenly use this fake address for transactions, resulting in funds being sent to a scammer instead of the intended recipient. This attack preys on users’ carelessness, as they may overlook subtle differences in addresses.

A recent incident of address poisoning led to the loss of $71 million worth of Wrapped Bitcoin (wBTC), alarming the crypto industry on the prevalence and scale of damage that such methods could incur. Fortunately, the thief returned the funds on May 13, likely due to the public attention and investigations into their potential Hong Kong-based IP addresses.

Binance’s algorithm identifies spoofed addresses by detecting suspicious transfers, such as those with near-zero value or unknown tokens, pairing them with potential victim addresses, and timestamping malicious transactions to pinpoint the potential point of poisoning. The spoofed addresses are then registered in the database of Web3 security firm HashDit, Binance’s security partner, to help protect the wider crypto industry from these scams.

Address poisoning scams can be difficult to detect, as most traders only verify the first and last digits of the wallet’s 42 alphanumeric characters, and most protocols only display these digits. Scammers also use vanity address generators to customize their addresses, making them appear less random or more similar to a given address.

Share this article

URL Copied