[Security Digest] Address Poisoning Attack on Crypto Wallets
January 31, 2023
🏃 Phishing is a prevalent tactic in which cybercriminals impersonate legitimate individuals or organizations by creating fake email addresses and website addresses. The aim is to deceive victims into believing that they are interacting with people or companies they trust, thereby gaining access to sensitive information or assets. Because this is a very common method used by attackers, it is important to be vigilant and verify the authenticity of any email or website before providing sensitive information or accessing assets.
👉 Attackers are now using the same techniques with cryptocurrency wallet addresses. This is how it works:
• Attackers check the public blockchain for recent transactions. Each transaction has a sending and receiving wallet address.
• Attackers create a fake wallet address similar to one of the addresses in a transaction.
• Attackers then send a very small amount of cryptocurrency from the fake address to the other address in the transaction, which is the victim's wallet.
• Because of that small transaction, the fake address, which closely mimics a legitimate one, now appears in the victim's transaction history. The attackers then wait for the victim to mistakenly send cryptocurrency to the fake address, similar to how phishing emails trick individuals into responding to a fraudulent email address.
🤔 It's crucial to exercise caution when handling sensitive information online. To protect yourself from phishing scams, verify the authenticity of website addresses before clicking on them, particularly in emails, and double-check email addresses before sending any sensitive information. It's easy to overlook small variations in an address, such as a single altered letter or number, but these small differences can have a big impact on the safety of your information.
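The same double-check can be automated for wallet addresses. The Python sketch below is an added example, not part of the original post: it compares a destination address with a saved address book and flags near matches. It goes beyond the single altered character case by also flagging addresses that share only their beginning and end; the names, thresholds and sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Verdict:
    status: str            # "trusted", "lookalike" or "unknown"
    label: Optional[str]   # address-book entry matched or imitated
    detail: str

def shared_edges(a: str, b: str) -> tuple:
    """Return how many leading and trailing characters two strings share."""
    def run(pairs):
        n = 0
        for x, y in pairs:
            if x != y:
                break
            n += 1
        return n
    return run(zip(a, b)), run(zip(reversed(a), reversed(b)))

def check_destination(dest: str, address_book: dict, max_diff: int = 3, edge: int = 6) -> Verdict:
    """Classify a destination address before funds are sent to it (hypothetical helper)."""
    dest = dest.strip()
    # Only a character-for-character match counts as trusted.
    for label, addr in address_book.items():
        if dest == addr:
            return Verdict("trusted", label, "exact match")
    for label, addr in address_book.items():
        a, b = dest.lower(), addr.lower()
        # Case 1: same length, only a few altered characters.
        if len(a) == len(b):
            diff = sum(x != y for x, y in zip(a, b))
            if diff <= max_diff:
                return Verdict("lookalike", label, f"{diff} character(s) differ ignoring case")
        # Case 2: same start and end, different middle.
        head, tail = shared_edges(a, b)
        if head >= edge and tail >= edge:
            return Verdict("lookalike", label, f"shares first {head} and last {tail} characters")
    return Verdict("unknown", None, "not in address book")

# Constructed sample data: none of these are real wallet addresses.
BOOK = {"exchange-deposit": "0x7a3f9c2e5b8d4a1f6e0c9b7d3a5f2e8c1b4d6a90"}
ONE_CHAR_OFF = "0x7a3f9c2e5b8d4a1f6e0c9b7d3a5f2e8c1b4d6a98"
SAME_EDGES = "0x7a3f" + "0" * 30 + "4d6a90"
UNRELATED = "0x" + "1" * 40
```

A "lookalike" verdict should block the transfer until the full address has been compared by hand; an "unknown" verdict only means the address has not been saved before.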