Binance Develops ‘Antidote’ To Tackle Poisoning Scams After $68M Exploit
Binance's security experts have developed an “antidote” to the growing address poisoning scam that tricks investors into voluntarily sending their funds to fraudulent addresses.
The security team of the world's largest cryptocurrency exchange created an algorithm that discovered millions of poisoned crypto addresses, according to a report shared with Cointelegraph.
“We have developed a unique method of identifying poisoned addresses that helps us to notify users before they send money to criminals and was instrumental in identifying and flagging over 13.4 million compromised addresses on BNB Smart Chain and 1.68 million on Ethereum.”
Address poisoning, or address spoofing, is where fraudsters send small amounts of digital assets to a wallet to closely resemble the victim's address to make it part of the wallet's transaction history—hoping the victim will accidentally copy it. funds to their address.
Binance's algorithm first identifies suspicious transactions by identifying tokens with zero or unknown values, matching them with victim addresses, and detecting malicious transactions in time to detect the possibility of poisoning.
Hacked addresses are registered in the database of Web3 security firm HashDit, Binance's security partner, which helps protect the broader crypto industry from poisoning scams, according to Binance's report.
“Many cryptocurrency service providers use HashDit's API to enhance their protection against various scams. One of them, for example, is TrustWallet, which uses a database of poisoned addresses to warn users about to transfer money to a poisoned recipient.
The algorithm helps identify hacked addresses in HashDit's user-specific products, web browser extensions, and MetaMask Snaps.
Related: Post-FTX crypto industry needs education before regulation – former Biden adviser
Address poisoning is a growing concern in the wake of the $68 million fraud.
The need for a defensive algorithm became apparent two weeks ago after an unknown trader lost $68 million to an address poisoning scam. They sent $68 million worth of Wrapped Bitcoin (wBTC) to a compromised address on May 3 in a single transaction.
Many on-chain investigators have identified a Hong Kong-based I.P. In a lucky but mysterious turn of events, the thief recovered $68 million on May 13 after they started shining a light on their address. This indicates that the fraudster is not a white hat hacker but a thief who is afraid of public attention following the fraud.
Address poisoning fraud may seem easy to avoid, but most merchants only verify the first and last digits of the wallet's 42 alphanumeric characters because most protocols only display the first and last digits.
Making matters more difficult, fraudsters rely on address generators to make their addresses appear random or similar to a given address, according to Binance.
A valid Ethereum address can be overwritten using 0x19x30t…72657, which looks similar to 0x19x30f…62657, which preserves the first and last few characters and can be completely separated in the middle.
RELATED: Ether Inflation Changes For First Time After Merger
