Issue 163

Address Poisoning Uses Your Own Transaction History Against You


Attackers create fake transactions to pollute your wallet history.

They hope you will copy the wrong address when making your next payment.

Address poisoning is a sophisticated attack that targets your natural habits. Most users copy addresses from their recent transaction history instead of typing them manually.

Scammers exploit this behavior. They create fake transactions that appear in your wallet history with addresses that look similar to legitimate ones you have used.

How address poisoning attacks work

The attacker monitors your wallet activity on the blockchain. When you receive crypto from someone, they note both your address and the sender's address.

The scammer then creates a new address that looks similar to the legitimate sender's address. They might match the first few characters and the last few characters.

Next, they send a small amount of crypto to your wallet from this fake address. The transaction appears in your wallet history alongside legitimate transactions.

When you want to send crypto back to the original sender, you might accidentally copy the poisoned address from your transaction history.

Why this attack succeeds

Your transaction history becomes cluttered with both real and fake transactions. The fake addresses often look legitimate at first glance.

Many users do not verify the full address when copying from their history. They assume addresses in their wallet history are safe to use.

The small amounts sent by attackers make the fake transactions look like legitimate activity. Some wallets sort transactions by date, placing recent poisoned transactions at the top.

A real world scenario

A user receives payment from a client whose address starts with "1A2B3C" and ends with "9Z8Y7X".

An attacker creates a similar address starting with "1A2B3C" and ending with "9Z8Y7X" but with different characters in the middle.

The attacker sends 0.0001 BTC to the user's wallet from this fake address.

When the user wants to return an overpayment to their client, they copy what they think is the client's address from their transaction history.

They send the crypto to the attacker's address instead of their client.

How to protect against address poisoning

Always verify the complete address before sending any transaction. Do not rely on just the first and last few characters.

  • Use address labels in your wallet to identify trusted contacts
  • Double-check addresses by comparing them character by character
  • Consider using a separate contact list outside your wallet
  • Send small test amounts first when dealing with large transactions
  • Be suspicious of unexpected small incoming transactions
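
The full-address check described above can be automated. The following is an added example, not code from this newsletter: it compares an address against a separately kept contact list and flags history entries that share the first and last characters of a trusted address but differ in the middle. The contact list, the sample addresses, the 4-character window and the dust threshold are all assumptions made for illustration.

```python
# Added example. Addresses are constructed placeholders, not real wallets.
# Base58 Bitcoin addresses are case-sensitive, so comparisons are exact.
TRUSTED = {  # hypothetical address book, verified outside the wallet
    "client": "1A2B3CkQ7mVtR4pLw8ZsNd5HxE2uJ9Z8Y7X",
}
HISTORY = [  # constructed wallet history: incoming payments
    {"from": "1A2B3CkQ7mVtR4pLw8ZsNd5HxE2uJ9Z8Y7X", "amount": 0.25},
    {"from": "1A2B3CxT5nGbY2rMf6KdWq8PzC4vH9Z8Y7X", "amount": 0.0001},
    {"from": "1Qm7ZsNd5HxE2uJpLw8VtR4kGbY2rMf6Kd", "amount": 0.0001},
]

def shared_prefix(a, b):
    """Number of leading characters two addresses have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def check_destination(addr, trusted=TRUSTED, window=4):
    """Classify addr as ('match'|'lookalike'|'unknown', label)."""
    for label, good in trusted.items():
        if addr == good:  # full-string equality is the only safe match
            return "match", label
    for label, good in trusted.items():
        head = shared_prefix(addr, good)
        tail = shared_prefix(addr[::-1], good[::-1])
        # Same first and last characters but a different full address:
        # the pattern a truncated wallet display would hide.
        if head >= window and tail >= window:
            return "lookalike", label
    return "unknown", None

def poisoned_history(history, trusted=TRUSTED, dust=0.001):
    """Return (sender, imitated label, is_dust) for lookalike senders."""
    flagged = []
    for tx in history:
        verdict, label = check_destination(tx["from"], trusted)
        if verdict == "lookalike":
            flagged.append((tx["from"], label, tx["amount"] <= dust))
    return flagged

if __name__ == "__main__":
    for sender, label, is_dust in poisoned_history(HISTORY):
        print(f"do not copy {sender}: imitates '{label}' (dust={is_dust})")
```

An "unknown" verdict is not a clearance: it only means the address resembles nothing in the contact list, so it still needs to be confirmed with the recipient.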

Where hardware wallets help

Hardware wallets display the full destination address on their screen during transaction signing. This forces you to review the complete address before confirming.

The physical screen cannot be compromised by malware that might alter addresses displayed on your computer screen. You see exactly where your crypto is going.

Some hardware wallets also support address verification features. These help you confirm that an address matches your intended recipient.

Unsure how to verify addresses safely?

Some users rely on their transaction history for convenience.

Others maintain separate contact lists with verified addresses.

The right approach depends on how frequently you send crypto to the same recipients.

You can use our wallet selector to find a hardware wallet with address verification features.


Final thought

Transaction history is meant for record keeping, not address sourcing. Verification should happen before every transaction, not after problems arise.
