Binance Unveils ‘Antidote’ for $68M Poisoning Scam
3 min readBinance has tackled the escalating threat of address poisoning scams by creating an “antidote” to protect investors from fraudulently sending funds to deceptive addresses. The world’s largest cryptocurrency exchange’s security team devised an algorithm capable of identifying and flagging millions of poisoned crypto addresses, according to shared information. This new method focuses on safeguarding users by alerting them before they fall victim to such scams and was pivotal in detecting more than 13.4 million spoofed addresses on BNB Smart Chain and 1.68 million on Ethereum.
Address poisoning, also known as address spoofing, is a trick where scammers send minute amounts of digital assets to a wallet that looks nearly identical to the target’s address. This deception aims to embed the malicious address in the wallet’s transaction history, hoping to exploit the user’s mistake of copying and sending funds to the wrong address. Binance’s newly developed algorithm identifies these spoofed addresses by flagging suspicious transfers, such as those with minimal value or unknown tokens. By matching these transactions with potential victim addresses and recording the times of these transfers, the algorithm can pinpoint the likely instances of address poisoning.
These counterfeit addresses are then recorded in the database of Binance’s security partner, HashDit, a Web3 security firm. With this collaboration, the broader cryptocurrency community is shielded against such scams. Binance emphasizes that numerous cryptocurrency service providers integrate HashDit’s API to fortify their defenses against various frauds. For instance, Trust Wallet utilizes this database to alert users when attempting to transfer funds to a spoofed recipient.
Binance’s algorithm extends its capabilities by flagging spoofed addresses within HashDit’s user-focused products, including web browser extensions and MetaMask Snaps. Address poisoning has become a pressing issue, especially after a significant incident where an unknown trader lost $68 million to an address-poisoning scam. The trader mistakenly sent $68 million worth of Wrapped Bitcoin (wBTC) in a single transaction to a deceptive address.
Interestingly, the stolen $68 million was returned on May 13, following intense scrutiny from on-chain investigators who uncovered potential Hong Kong-based IP addresses linked to the scammer. This unexpected return hints that the fraudster succumbed to the mounting public attention and pressure, showing they were not a benevolent hacker but a thief who reconsidered due to the spotlight on their actions.
Address poisoning scams, though seemingly avoidable, tend to succeed because many traders only verify the first and last digits of a wallet’s 42 alphanumeric characters. Most protocols contribute to this vulnerability by displaying only the initial and terminal digits. To complicate matters further, scammers utilize vanity address generators to craft addresses that appear less random and more convincingly similar to legitimate ones.
For example, Binance points out that a genuine Ethereum address like 0x19x30f…62657 can be manipulated to look deceptively similar to 0x19x30t…72657. Despite the middle characters being entirely different, the start and end match is often sufficient to mislead users who do not check the entire address string meticulously.
Binance’s enhanced security measures represent a significant stride in combating address poisoning. By proactively identifying and warning against spoofed addresses, Binance aims to establish a safer environment for cryptocurrency transactions, preventing substantial financial losses and boosting user confidence in the crypto ecosystem. The integration with HashDit and the broader utilization of its API by other service providers underline the importance and effectiveness of collective security efforts in the evolving landscape of digital assets.
Binance claims to have an antidote but can they actually prevent future losses? This just feels like a PR stunt. 📢
Thank you, Binance, for protecting us with your new solution to address poisoning. 🙏🔐”
Fantastic news from Binance! Their new algorithm to combat address poisoning is a massive step forward.
Honestly, this whole ‘antidote’ thing feels like a band-aid solution. How many more millions need to be lost before real changes are made?
So glad to see Binance prioritizing user security with this initiative. Well done!
Binance’s new protection measures are a game-changer. Thank you for keeping us secure!
Call me cynical, but will this really stop the scammers? They always seem to be one step ahead.
Why do these security measures always come after someone loses millions? 🤦♂️ The crypto scene needs to step up their game sooner. This is just damage control.
👏 Bravo Binance for tackling address poisoning head-on! This will boost confidence across the crypto community. 💪🛡️”
Taking this long to address such a massive issue? Typical Binance. Late to the party, as always!
Hats off to Binance for creating a safer crypto environment. This algorithm is a significant achievement!
👏 Binance’s proactive approach to address poisoning is much appreciated. Huge win for user security! 🔐💪”
Bravo Binance! Always ahead in protecting the crypto community. This is fantastic!
🌟 Kudos to Binance for stepping up security measures! This algorithm is a game-changer for crypto safety. ” 🚀
Amazing work, Binance! This algorithm will undoubtedly save many from falling into scams. Thank you! 🙏💼”
Binance is setting the standard for crypto security with this new algorithm. Great job!
Address poisoning got nothing on Binance’s new algorithm! Thank you for keeping us safe!
Kudos to Binance! Address poisoning will be a thing of the past thanks to their new algorithm. 🚀🌟”
Only now Binance warns us about address poisoning? Feels like they’re admitting past negligence. Not reassuring at all! 😤
Great, another broken promise from Binance? 😒 This ‘antidote’ better work because I’ve already lost trust in these exchanges.