Binance develops ‘antidote’ to address poisoning scams after $68M exploit

cyptouser6 months agoCryptocurrencies News150
55966e89>

Binance’s security experts developed an “antidote” against the growing instances of address poisoning scams, that trick investors into willingly sending funds to a fraudulent address.

The security team of the world’s largest cryptocurrency exchange developed an algorithm that detected millions of poisoned crypto addresses, according to a report shared with Cointelegraph:

“We have developed a unique method of identifying poisoned addresses, which helps us to alert users before they send money to criminals and was instrumental in identifying and flagging more than 13.4 million spoofed addresses on BNB Smart Chain and 1.68 million on Ethereum.”

Address poisoning, or address spoofing, is a deception trick where scammers send a small amount of digital assets to a wallet that closely resembles the potential victim’s address, to make it part of the wallet’s transaction history — hoping that the victim will accidentally copy and send funds to their address.

Binance’s algorithm detects spoofed addresses by first identifying suspicious transfers, such as those with near zero value or unknown tokens, pairing them with potential victim addresses, and timestamping malicious transactions to find the potential point of poisoning.

The spoofed addresses are registered in the database of Web3 security firm HashDit, Binance’s security partner, which will help protect the wider crypto industry from poisoning scams, according to Binance’s report.

“Many cryptocurrency service providers use HashDit’s API to boost their defenses against a variety of scams. One of them, for example, is Trust Wallet, which uses the database of poisoned addresses to alert users when they are about to transfer funds to a spoofed recipient.”

The algorithm will also help flag spoofed addresses on HashDit’s user-facing products, web browser extensions, and MetaMask Snaps.

Related: Post-FTX crypto industry needs education before regulation — Former Biden adviser

Address poisoning is a growing concern following $68 million scam

The necessity for a preventive algorithm became apparent two weeks ago, after an unknown trader lost $68 million to an address-poisoning scam. They accidentally sent $68 million worth of Wrapped Bitcoin (wBTC) in a single transaction to a spoofed address on May 3.

In a fortunate but mysterious turn of events, the thief returned the $68 million on May 13, after numerous on-chain investigators started shedding light on his potential Hong Kong-based IP addresses. This suggests that the scammer wasn’t a white hat hacker, but a thief that became scared of the public attention following the scam.

Address poisoning scams may seem easily avoidable, but most traders only verify the first and last digits of the wallet’s 42 alphanumeric characters, as most protocols only display the first and last digits.

Making matters more difficult, scammers rely on vanity address generators to customize their addresses to seem less random or more similar to a given address, according to Binance.

“An authentic Ethereum address like 0x19x30f…62657 could be spoofed using a similar-looking 0x19x30t…72657, which can be totally different in the middle while maintaining the first and last few characters.”
Scammers, WATCH OUT! Beware of the crypto vigilante! | Crypto stories Ep. 4. Source: Cointelegraph

Related: Ether turns inflationary for the first time since the Merge

The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other issues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.

related articles

Celsius sold off $250 million in ETH and other assets in 30 days

Bankrupt cryptocurrency lender Celsius has sold off $250 million worth of digital assets, including...

Lessons from CertiK's dispute with Kraken

55966e89˃White hat hacking, or ethical hacking, is a crucial component of cybersecurity. It’s hackin...

Trump could be considering Bitcoin as a reserve asset to join the ‘SoftWar’ road to $1 million

Jason Lowery, the author of “SoftWar: A Novel Theory on Power Projection and the National Stra...

Taiwan Mobile's VASP license bid aims to fuse digital assets with mainstream services

Taiwan Mobile, the second-largest telecom operator in Taiwan, has applied for a license to operate a...

Arkham posts $150K bounty to find creator of DJT Trump token

Arkham posts $150K bounty to find creator of DJT Trump token

55966e89˃Arkham Intelligence has offered a $150,000 bounty for whoever can identify the creator of t...

Bitfarms rejects Riot's unsolicited acquisition offer

Bitfarms said on May 29 that it rejected Riot Platform’s unsolicited acquisition proposal because th...