NEW YORK — Transaction patterns on the ethereum blockchain suggest scammers may have launched a new “address poisoning” campaign, according to an analysis cited by CoinDesk.
CoinDesk noted that Citi analysts said recent activity on the decentralized network shows hallmarks commonly associated with address poisoning scams, in which criminals attempt to trick users into mistakenly sending funds to fraudulent wallet addresses.
In an address poisoning scheme, scammers send small amounts of cryptocurrency from wallet addresses that closely resemble those a victim frequently uses. The goal is to create misleading transaction histories so that victims later copy and reuse the scammer’s address by mistake, according to CoinDesk.
Surge in Transactions
Analysts pointed to a record surge in ethereum transactions and active addresses at a time when bitcoin activity has been declining. A large share of the ethereum transactions were valued at less than $1, and transaction fees remained low, making it inexpensive for attackers to distribute small payments widely, CoinDesk said.
“This transaction trend is often associated with ‘address poisoning’ scam campaigns,” the Citi analysts said, according to the report.
Potential Role in Earlier Attack
Blockchain analytics firm TRM Labs previously warned that address poisoning may have played a role in a May 2024 attack on Japanese cryptocurrency exchange DMM Bitcoin, which resulted in the theft of digital assets valued at more than $300 million.
“While the exact cause of the attack remains unknown, potential vectors include stolen private keys or address poisoning — a tactic wherein attackers send tiny amounts of cryptocurrency to a victim’s wallet to create fake transaction histories, potentially confusing users into sending funds to the wrong address in future transactions,” TRM Labs said in a July 2024 report cited by CoinDesk.
Law Enforcement Concerns
CoinDesk noted that U.S. law enforcement has also flagged similar tactics. The FBI’s Denver office said in April 2024 that criminals have been creating cryptocurrency tokens that impersonate well-known digital assets but have no real value, then sending them to victims as part of address poisoning attacks.
Because many cryptocurrency wallet applications truncate addresses when displaying them, the first and last characters of a fraudulent address may appear identical to a legitimate one, while the middle characters differ, the FBI said.
“Impersonation tokens increase the likelihood that address-poisoning attacks will work against both experienced and newer cryptocurrency users,” the agency said, Coindesk reported,
