Binance develops ‘antidote’ to address poisoning scams after $68M exploit

As a researcher with experience in the cryptocurrency industry, I’m relieved to learn that Binance’s security team has developed an algorithm to detect and prevent address poisoning scams. This is a significant concern for the crypto community as these types of scams can easily trick investors into sending funds to fraudulent addresses.


Binance’s security team has created a solution to combat the rising number of address poisoning schemes, where investors unwittingly transfer funds to deceitful wallet addresses.

According to a report obtained by CryptoMoon, the security unit at the globe’s most significant cryptocurrency trading platform devised a mechanism for identifying millions of potentially tainted crypto wallet addresses.

“We have developed a unique method of identifying poisoned addresses, which helps us to alert users before they send money to criminals and was instrumental in identifying and flagging more than 13.4 million spoofed addresses on BNB Smart Chain and 1.68 million on Ethereum.”

As a crypto investor, I’ve come across the dangerous technique called address poisoning or spoofing. Scammers cleverly send a minimal amount of digital assets to a wallet with an address similar to mine. Their goal is to manipulate my transaction history, in the hopes that I’ll unintentionally copy and transfer funds to their malicious address. It’s essential for me to double-check every transaction, ensuring I’m sending funds to the correct address.

Binance’s algorithm detects spoofed addresses by first identifying suspicious transfers, such as those with near zero value or unknown tokens, pairing them with potential victim addresses, and timestamping malicious transactions to find the potential point of poisoning.

The fraudulent IP addresses are recorded in the database of HashDit, the web security company collaborating with Binance. This action is aimed at safeguarding the entire crypto sector against malicious activities like poisoning scams, as mentioned in Binance’s report.

“Many cryptocurrency service providers use HashDit’s API to boost their defenses against a variety of scams. One of them, for example, is Trust Wallet, which uses the database of poisoned addresses to alert users when they are about to transfer funds to a spoofed recipient.”

As a data analyst, I would explain it this way: I will be implementing an algorithm that identifies and flags potential spoofed addresses in HashDit’s user interfaces, including web browser extensions and MetaMask Snaps.

Address poisoning is a growing concern following $68 million scam

Two weeks ago, I came to realize the importance of implementing a preventive algorithm following a disconcerting incident involving an unidentified trader and a $68 million loss. In a tragic mistake, this trader transferred $68 million worth of Wrapped Bitcoin (wBTC) in a single transaction to what appeared to be a fraudulent address on May 3.

As a crypto investor, I was elated yet puzzled when the thief returned the $68 million on May 13. The community of on-chain investigators had been working tirelessly to uncover clues about the potential IP addresses linked to this heist, which seemed to point towards a Hong Kong origin. This discovery indicated that the person behind the scam wasn’t an ethical hacker trying to make things right, but rather a thief who grew uneasy under the mounting public scrutiny following the theft.

Poisoning attacks on cryptocurrency transactions can appear to be simple to prevent, but the majority of traders merely check the initial and final digits of a wallet’s 42-character alphanumeric key. Most protocols restrict the display to these digits.

Scammers add an extra layer of deceit by utilizing customizable address generators, as per Binance, which enables them to create addresses that appear less random or even resemble legitimate ones.

“An authentic Ethereum address like 0x19x30f…62657 could be spoofed using a similar-looking 0x19x30t…72657, which can be totally different in the middle while maintaining the first and last few characters.”
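The detection steps described earlier (flag near-zero-value or unknown-token transfers, pair them with a victim, timestamp the point of poisoning) and the first-and-last-character lookalike trick can be sketched together. This is an added example, not Binance's or HashDit's code; the thresholds, the token list, the lookalike rule and all addresses and transfers are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed tuning values; the article does not publish the real ones.
KNOWN_TOKENS = {"USDT", "WBTC"}   # tokens the wallet recognises
DUST = 0.01                       # "near zero" transfer threshold
EDGE = 4                          # hex characters compared at each end

@dataclass
class Transfer:
    ts: int          # unix timestamp
    sender: str
    recipient: str
    token: str
    amount: float

def lookalike(a: str, b: str, n: int = EDGE) -> bool:
    """Different addresses that share their first and last n hex characters."""
    a, b = a.lower().removeprefix("0x"), b.lower().removeprefix("0x")
    return a != b and a[:n] == b[:n] and a[-n:] == b[-n:]

def find_poisoning(transfers: list[Transfer], victim: str) -> list[dict]:
    """Pair suspicious inbound transfers with the contact they imitate."""
    victim = victim.lower()
    contacts: set[str] = set()    # addresses the victim has really paid
    findings = []
    for t in sorted(transfers, key=lambda t: t.ts):
        if t.sender.lower() == victim:
            contacts.add(t.recipient.lower())
        elif t.recipient.lower() == victim:
            suspicious = t.amount <= DUST or t.token not in KNOWN_TOKENS
            imitated = sorted(c for c in contacts if lookalike(t.sender, c))
            if suspicious and imitated:
                findings.append({"poisoned_at": t.ts, "imitates": imitated,
                                 "spoofed": t.sender.lower(), "token": t.token})
    return findings

# Constructed sample data: no address below is a real wallet.
VICTIM, OTHER = "0x" + "a1" * 20, "0x" + "b2" * 20
LEGIT = "0x19c3" + "0" * 32 + "2657"
FAKE = "0x19c3" + "f" * 32 + "2657"     # same ends as LEGIT, different middle
SAMPLE = [
    Transfer(1000, VICTIM, LEGIT, "USDT", 500.0),   # genuine payment
    Transfer(1060, FAKE, VICTIM, "USDT", 0.0),      # dust from a lookalike
    Transfer(1100, OTHER, VICTIM, "USDT", 0.0),     # dust, but no lookalike
    Transfer(1200, FAKE, VICTIM, "USDT", 250.0),    # real value, known token
    Transfer(1300, FAKE, VICTIM, "USDTT", 100.0),   # unknown token, lookalike
]

if __name__ == "__main__":
    print(*find_poisoning(SAMPLE, VICTIM), sep="\n")
```

Comparing the full 40 hex characters rather than only the ends is what separates `LEGIT` from `FAKE` here, which is the check a truncated address display hides from the user.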


2024-05-16 12:55