Big Brother's Microphone:

Just recovered from a fever, I came across something that gave me chills.

A player was scammed out of nearly 50 million USDT by "address poisoning".

The scammer generated a fake address that looks very similar to the address the victim wanted to transfer to: the same first and last characters, with different ones in the middle. The user first tested with a small amount successfully, but when transferring a larger amount later, they accidentally copied from their transaction history the "poisoned address" the scammer had sent, and the money went directly into the scammer's pocket.

What’s even scarier is that the transaction record of this poisoned address (even if the amount is very small) will remain in the user's wallet history, and one might accidentally fall into the trap.

Actually, this situation is not completely unavoidable.

For example, Binance Wallet has now implemented interception: if you try to transfer to a marked scam address, it will pop up a warning and prompt you to compare similar addresses.

But I think this alone is not enough; the industry should:

1️⃣ By default, all wallets should verify "address similarity" and directly prevent sending if a poisoned address is detected;

2️⃣ A security alliance should maintain a real-time blacklist, and wallets should check it before sending transactions;

3️⃣ Automatically filter out small suspicious transactions (like 0 USDT transfers), to avoid polluting users' transaction history.
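A sketch of how a wallet could apply the three checks above before signing a transfer. It is an added example, not code from Binance Wallet or any other wallet. It assumes 0x-prefixed hex addresses, a 4-character prefix/suffix comparison window and a 0.01-token dust threshold; all function names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

PREFIX, SUFFIX = 4, 4  # characters a user typically eyeballs (assumed window)

def norm(addr: str) -> str:
    """Lower-case a hex address and drop the 0x prefix so case tricks do not matter."""
    a = addr.lower()
    return a[2:] if a.startswith("0x") else a

def is_lookalike(candidate: str, trusted: str) -> bool:
    """Same first and last characters, different middle: the poisoning pattern."""
    c, t = norm(candidate), norm(trusted)
    return c != t and c[:PREFIX] == t[:PREFIX] and c[-SUFFIX:] == t[-SUFFIX:]

@dataclass
class Transfer:
    counterparty: str
    amount: float   # token units
    outgoing: bool

def pre_send_check(dest, trusted, blacklist):
    """Return (verdict, reason) for a destination before the wallet signs."""
    if norm(dest) in {norm(b) for b in blacklist}:
        return "block", "destination is on the blacklist"
    if norm(dest) in {norm(t) for t in trusted}:
        return "allow", "destination is a known address"
    for t in trusted:
        if is_lookalike(dest, t):
            return "block", f"looks like {t} but differs in the middle"
    return "warn", "first transfer to this address"

def visible_history(history, trusted, dust=0.01):
    """Hide zero-value/dust entries whose counterparty imitates a trusted address."""
    def poisoned(tx):
        return tx.amount <= dust and any(is_lookalike(tx.counterparty, t) for t in trusted)
    return [tx for tx in history if not poisoned(tx)]

# Constructed sample data (not real addresses)
TRUSTED = "0x1a2b" + "c" * 32 + "9f8e"
POISON = "0x1A2B" + "d" * 32 + "9F8E"   # same ends, different middle, mixed case
UNKNOWN = "0x" + "7" * 40
LISTED = "0x" + "e" * 40
HISTORY = [Transfer(TRUSTED, 50.0, True), Transfer(POISON, 0.0, False),
           Transfer(UNKNOWN, 12.5, False)]

if __name__ == "__main__":
    for dest in (TRUSTED, POISON, UNKNOWN, LISTED):
        print(dest[:8] + "...", pre_send_check(dest, [TRUSTED], [LISTED]))
    print(len(visible_history(HISTORY, [TRUSTED])), "history entries shown")
```

The lookalike test only compares against addresses the user has already sent to, so a genuinely new recipient yields a warning rather than a block.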

Technology can clearly do more, but many wallets have not kept up.

Protecting users is not just a slogan; it needs to start with these details.

Have you encountered similar situations? Or do you think wallets could do more to prevent this?

#Web3Security #AddressPoisoning #FraudPrevention #BlockchainSecurity #BinanceWallet

$BNB
