Binance Develops ‘Antidote’ to Address Addiction Scams After $68 Million Exploit

adminMay 16, 2024

Security experts at Binance have developed an “antidote” to the growing number of cases of address poisoning scams that trick investors into willingly sending funds to fraudulent addresses.

According to a report shared with Cointelegraph, the security team at the world’s largest cryptocurrency exchange developed an algorithm to detect millions of infected cryptocurrency addresses.

“We have developed a unique way to identify poisoned addresses, which allows us to warn users before they send money to criminals, and we have identified over 13.4 million spoofed addresses on the BNB Smart Chain and over 1.68 million spoofed addresses on Ethereum. played an important role in identifying and labeling.”

Address poisoning, or address spoofing, is a trick in which a fraudster transfers a small amount of digital assets to a wallet that is very similar to the potential victim’s address, making it part of the wallet’s transaction history. This is because they hope the victim accidentally copies and sends it. Deliver funds to your own address.

Binance’s algorithm first identifies suspicious transfers, such as near-zero value or unknown tokens, matches them with potential victim addresses, and timestamps malicious transactions to find potential points of poisoning. Detect spoofed addresses.

According to Binance’s report, the spoofed address is registered in the database of Binance’s security partner, Web3 security company HashDit, which will help protect the broader cryptocurrency industry from poisoning scams.

“Many cryptocurrency service providers use HashDit’s API to strengthen their defenses against various frauds. “For example, Trust Wallet uses a database of poisoned addresses to alert users when they try to transfer funds to a spoofed recipient.”

This algorithm also helps flag spoofed addresses in HashDit’s user-facing products, web browser extensions, and MetaMask Snaps.

Related: After FTX, Crypto Industry Needs Education Before Regulation — Former Biden Advisor

$68 million fraud raises concerns about address poisoning.

The need for preventative algorithms became clear two weeks ago after an unknown trader lost $68 million to an address poisoning scam. They accidentally sent $68 million worth of Wrapped Bitcoin (wBTC) to a spoofed address in a single transaction on May 3.

Luckily, a mysterious turn of events resulted in the thief getting his $68 million back on May 13th. This was after numerous on-chain investigators began uncovering his potential Hong Kong-based IP address. This suggests that the fraudster was not a white hat hacker, but rather a thief who feared public attention after the fraud.

Address poisoning scams may seem easy to avoid, but since most protocols only display the first and last digits, most traders only check the first and last digits of their wallet’s 42 alphanumeric characters.

To make matters worse, scammers rely on vanity address generators to customize their addresses to look less random or more similar to a given address, Binance says.

“A real Ethereum address like 0x19x30f…62657 can be spoofed using the similar-looking 0x19x30t…72657, which may retain the first and last few characters but be completely different in the middle.”