‘Address Poisoning’ – New Scam Alert by MetaMask


  • Scammers are using “address poisoning” to send transactions of little value to your account from an address that is strikingly similar to your own.
  • One approach to saving oneself is to examine each character of an address before sending a transaction.
  • Address poisoning is a type of attack that typically uses tactics that have previously benefited numerous scammers.

MetaMask is alerting people about a new scam taking place on NFT platforms, called “Address Poisoning.” Address poisoning is an attack method that, unlike other frauds, frequently employs strategies that have previously served many fraudsters well, such as endless token validation, phishing for the private recovery keyword, and so on, and it places a premium on user negligence and haste.

Following a legitimate transaction, the fraudster sends a $0 token transaction, “poisoning” the transaction records. The attacker uses an address that has the same first and last few characters as the address in the transfer you sent, hoping you will not examine the complete address and will instead copy theirs in a future transaction. People can safeguard themselves by double-checking the whole address or using the Address Book function.
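The check described above can be automated on the defender's side. The following is an added example, not MetaMask's code: it flags transaction-history entries whose counterparty matches a saved address only at the first and last few characters. The function names, the four-character window, and all addresses and transaction labels are assumptions constructed for illustration.

```javascript
// Added example. All addresses and transaction labels below are constructed.
const VISIBLE = 4; // hex chars shown at each end of a truncated address (assumption)

function normalize(addr) {
  const hex = String(addr).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(hex)) throw new Error("not a 20-byte hex address: " + addr);
  return hex;
}

// Returns the address-book entry that `candidate` imitates, or null when the
// candidate is itself in the book or resembles nothing in it.
function imitates(candidate, addressBook) {
  const c = normalize(candidate);
  const book = addressBook.map(normalize);
  if (book.includes(c)) return null; // full 40-character match: genuinely trusted
  const hit = book.find(
    (t) => t.slice(0, VISIBLE) === c.slice(0, VISIBLE) && t.slice(-VISIBLE) === c.slice(-VISIBLE)
  );
  return hit ? "0x" + hit : null;
}

// Flags history entries whose counterparty is a look-alike of a saved address.
function screenHistory(history, addressBook) {
  const flagged = [];
  for (const tx of history) {
    const target = imitates(tx.counterparty, addressBook);
    if (target) {
      flagged.push({ id: tx.id, counterparty: tx.counterparty, imitates: target,
                     zeroValue: BigInt(tx.value) === 0n });
    }
  }
  return flagged;
}

const TRUSTED = "0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d";
const LOOKALIKE = "0x1a2b9999000011112222333344445555aaaa3c4d";
const UNRELATED = "0xffeeddccbbaa99887766554433221100ffeeddcc";
const history = [
  { id: "tx-1", counterparty: TRUSTED, value: "250000000" }, // the legitimate transfer
  { id: "tx-2", counterparty: LOOKALIKE, value: "0" },        // poisoning entry
  { id: "tx-3", counterparty: UNRELATED, value: "1000" },
];

for (const f of screenHistory(history, [TRUSTED])) {
  console.log(`${f.id}: ${f.counterparty} imitates ${f.imitates} (zero value: ${f.zeroValue})`);
}
```

Comparing all 40 hex characters after lowercasing is what separates the saved address from its imitation; the prefix-and-suffix comparison reproduces the partial check a hurried user performs.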

Every wallet contains one or more accounts, each with a unique, cryptographically created identity. These are lengthy hexadecimal numbers that contain both numerical and (some) alphabetical characters. This makes them unreadable to most people and, more importantly, extremely difficult to recall.

With most Web3 applications supporting it, you’ve probably grown to depend on simply copying and pasting addresses rather than memorizing and writing them out. This saves a lot of time and guarantees that you don’t make any errors and that the payments are always sent to the correct destination.

There is no method for preventing others, fraudsters included, from submitting transactions to your address. We’re interfacing with public blockchains, so anybody, anywhere, can do whatever they want. However, MetaMask can assist in determining whether people fall prey to the fraud by duplicating the address.

This is a hard one, and awareness is key: even individuals who consider themselves to be very diligent, who double-check the beginning and/or finish of an address before copying it, might fall prey here.

MetaMask users should avoid copying addresses from the transaction history, and if you do, double-check them thoroughly. Addresses must be checked and double-checked before sending. Use only hardware wallets. Fill your address book with frequently used addresses. The only way to be absolutely safe is to check every single character.