|
| 1 | +--- |
| 2 | +title: "Address Poisoning Scams: Protect Your Wallet" |
| 3 | +--- |
| 4 | + |
| 5 | +import { SecurityWarning } from "../keys/_security-warning.mdx"; |
| 6 | + |
| 7 | +# Address Poisoning Scams: Protect Your Wallet |
| 8 | + |
| 9 | + |
| 10 | +Address poisoning is one of the most successful cryptocurrency scams, with over $83 million stolen from more than 6,600 victims on Ethereum and Binance Smart Chain alone. Because Bittensor wallets have a similar vulnerability, users of Bittensor wallets should understand how to protect themselves. |
| 11 | + |
| 12 | +<SecurityWarning /> |
| 13 | + |
| 14 | +## What is Address Poisoning? |
| 15 | + |
| 16 | +Address poisoning exploits a simple human weakness: long wallet addresses are hard to read. |
| 17 | + |
| 18 | +Here's how the scam works: |
| 19 | + |
| 20 | +1. You make a transaction to a legitimate address (like `0x3b75...2712a`) |
| 21 | +2. An attacker generates a fake address that looks very similar (like `0x3b75...2712b` or `0x3b74...2712a`) |
| 22 | + - They do this by brute-force generating millions of private keys and checking for matches with target addresses |
| 23 | + - When they find one that matches the first and last characters of a target's address, they keep it |
| 24 | + - This is computationally expensive but profitable - it's called "vanity address generation" |
| 25 | +3. Within minutes—often less than 20 minutes—the scammer "poisons" your transaction history by sending you a tiny amount (or even zero) of tokens from their fake address |
| 26 | +4. Later, when you're in a hurry, you copy an address from your recent transactions or wallet history |
| 27 | +5. You accidentally send funds to the scammer's lookalike address instead of your intended recipient |
| 28 | + |
| 29 | +The transactions are irreversible. Your funds are gone. |
| 30 | + |
| 31 | + |
| 32 | +## What Makes Bittensor Vulnerable? |
| 33 | + |
| 34 | +Bittensor uses the Substrate blockchain framework, which, like Ethereum, represents addresses as long hexadecimal strings. This makes Bittensor wallets vulnerable to the same address poisoning tactics as most other blockchains. |
| 35 | + |
| 36 | +Both Substrate and Ethereum derive addresses from private keys using similar cryptographic processes: |
| 37 | +- **Private key** (random) → **Public key** (via elliptic curve) → **Address** (via hashing) |
| 38 | + |
| 39 | +You can't choose an address directly, but attackers can **brute-force generate millions of key pairs** until they find an address that matches the target pattern. This is computationally expensive but absolutely possible: |
| 40 | +- Matching 7 characters: achievable with a laptop CPU |
| 41 | +- Matching 14 characters: requires dedicated computing |
| 42 | +- Matching 20 characters: requires GPU clusters (some attackers use these!) |
| 43 | + |
| 44 | +[Research](#research-source) found that one attack group spent an estimated \$1.7 million on computing to generate their lookalike addresses, but made \$4 million in profit. |
| 45 | + |
| 46 | +Whether you're: |
| 47 | +- Transferring TAO |
| 48 | +- Managing stake |
| 49 | +- Delegating to validators |
| 50 | +- Sending funds to a coldkey |
| 51 | + |
| 52 | +## The Economics: Why This Scam Is So Prevalent |
| 53 | + |
| 54 | +[Research](#research-source) shows address poisoning is a highly profitable criminal enterprise: |
| 55 | + |
| 56 | +- Low success rate, high volume: Only 0.01% of poisoning attempts succeed, but scammers compensate by attacking millions of victims |
| 57 | +- Organized crime: The largest attack groups have made $26+ million in profit over two years |
| 58 | +- Cheap to execute: Each poisoning attempt costs only about \$1 on Ethereum and $0.01 on BSC |
| 59 | +- Sophisticated operations: Some groups use GPU computing to generate extremely convincing lookalike addresses with 20 matching characters |
| 60 | + |
| 61 | +One successful attack of $20,000 pays for 20,000 failed attempts. The math works in favor of the scammers. |
| 62 | + |
| 63 | +## Who's Most at Risk? |
| 64 | + |
| 65 | +[Research](#research-source) shows that scammers don't attack randomly. They specifically target users who: |
| 66 | + |
| 67 | +- Have high balances: Victims targeted had significantly more funds than average users |
| 68 | +- Are very active: Users making frequent transactions are attacked more often |
| 69 | +- Make large transfers: The bigger your typical transaction, the more likely you are to be targeted |
| 70 | +- Use centralized exchanges: Many attackers generate fake addresses mimicking exchange deposit addresses |
| 71 | + |
| 72 | + |
| 73 | +## How to Protect Yourself |
| 74 | + |
| 75 | +Address poisoning succeeds because of one thing: inattention during routine tasks. |
| 76 | + |
| 77 | +The best defense is simple but requires discipline: |
| 78 | +- Slow down when sending transactions |
| 79 | +- Verify addresses completely before clicking send |
| 80 | +- Use an address book instead of transaction history |
| 81 | +- Trust your caution, not your convenience |
| 82 | + |
| 83 | +Five extra seconds of verification can save you thousands of dollars. These aren't random attacks. If you're an active user with significant holdings, you're likely being targeted right now. Your transaction history may already be poisoned. |
| 84 | + |
| 85 | +### 1. Always Double-Check the Full Address |
| 86 | + |
| 87 | +Before sending any transaction: |
| 88 | +- Expand and read the complete address, not just the abbreviated version |
| 89 | +- Check the beginning AND the end—scammers match both |
| 90 | +- If possible, verify the address through a second channel (message the recipient, check a saved note, etc.) |
| 91 | + |
| 92 | +### 2. Use an Address Book |
| 93 | + |
| 94 | +- Maintain a saved list of trusted addresses with clear labels |
| 95 | +- Never select addresses from your transaction history—always use your saved address book |
| 96 | +- Most wallet applications support address books or contact lists |
| 97 | + |
| 98 | +### 3. Be Suspicious of Unexpected Transfers |
| 99 | + |
| 100 | +Scammers exist, so do not give unknown parties "the benefit of the doubt." If you receive unexpected transfers for very small amounts ("dust"), they are likely attempts to seed your transaction history for address poisoning. |
| 101 | + |
| 102 | +### 4. Send a Test Transaction First |
| 103 | + |
| 104 | +For large transfers: |
| 105 | +- Send a very small amount first |
| 106 | +- Verify the recipient received it |
| 107 | +- Then send the full amount |
| 108 | + |
| 109 | +This two-step process can save you from a costly mistake. |
| 110 | + |
| 111 | +### 5. Use Wallet Apps with Protection Features |
| 112 | + |
| 113 | +Some wallet applications and blockchain scanners now flag suspicious addresses or hide poisoning attempts. Keep your wallet software updated. |
| 114 | + |
| 115 | +The [TAO.app](https://www.tao.app) UI includes a warning for addresses flagged as suspicious. |
| 116 | + |
| 117 | +### 6. Never Rush Important Transactions |
| 118 | + |
| 119 | +Scammers count on you being in a hurry. If you're tired, distracted, or rushing your procedures, consider taking a break before conducting irreversible blockchain transactions. The blockchain will still be there in an hour. Your funds won't be if you make a mistake. |
| 120 | + |
| 121 | + |
| 122 | +## Learn More |
| 123 | + |
| 124 | +Your private key is your identity in cryptocurrency. One careless transaction can mean permanent, irreversible loss. Always verify. Always double-check. |
| 125 | + |
| 126 | +Further reading: |
| 127 | + |
| 128 | +- [Wallets, Coldkeys and Hotkeys in Bittensor](../keys/wallets.md) |
| 129 | +- [Working with Keys](../keys/working-with-keys.md) |
| 130 | +- [Coldkey and Hotkey Workstation Security](../keys/coldkey-hotkey-security.md) |
| 131 | + |
| 132 | +### Research Source |
| 133 | + |
| 134 | +This guide is based on the largest study of this scam to date: Tsuchiya, T., Dong, J.-D., Soska, K., & Christin, N. (2025). "Blockchain Address Poisoning," in *Proceedings of the 34th USENIX Security Symposium*. Seattle, WA, USA. [https://www.usenix.org/conference/usenixsecurity25/presentation/tsuchiya](https://www.usenix.org/conference/usenixsecurity25/presentation/tsuchiya) |
| 135 | + |
0 commit comments