𝐀𝐝𝐝𝐫𝐞𝐬𝐬 𝐏𝐨𝐢𝐬𝐨𝐧𝐢𝐧𝐠 𝐏𝐡𝐢𝐬𝐡𝐢𝐧𝐠 𝐇𝐚𝐜𝐤𝐬: what they are and how to spot them

What is "Address Poisoning" exactly?
It's a type of attack where a hacker gets you to copy a wallet address that looks VERY similar to one that you control, but is actually their own. The hacker's goal is for you to send them money by mistake.

Check out this example, which includes multiple attacks in just 1 screenshot:

Etherscan screenshot

User 0x95E was sent 2,500 USDC from their friend 0x7AE1F70f.

A few minutes later 0x95E was sent a fake token called "ERC-20 USDC" from another account belonging to the hacker: 0x7ae11D. Notice how similar that token name is to the real USDC token and the hacker's address nearly matches the friend's address.

Another few seconds later $0.0125 real USDC was sent by another hacker wallet: 0x7AE13…DDA83. The hackers are sending REAL money plus the first 4 and the last 4 digits all match the friend's address. Very nefarious!!

You can spot these fake tokens easily because etherscan and wallets will mostly hide them, but sometimes hackers might even send you a small amount of REAL tokens in hopes that you will copy their address and make a mistake by sending them a lot more.

Avoid this phishing attack by:
1. Always going slow. take your time when moving money.
2. Double check addresses when signing
3. NEVER copy addresses you are sending to from block explorers
4. Double check with your friends before sending money

I'm making this thread now because this is a very common way people lose funds and I am currently being targeted by hackers today. People lose so much to address poisoning attacks it has become profitable for hackers to even send real money.

Remember: Go slow like a snail.

Further discussion here too: https://x.com/CupOJoseph/status/1893005886513389769