Address poisoning (or "address spoofing") is a relatively new way of tricking crypto wallet users and making them send funds to scammers.
How it usually works
A malicious actor scans a victim's transaction history to identify addresses that are frequently used for outbound ERC20 transfers
Then they generate one or more addresses that look very similar to the above, normally having the same (or almost the same) last 4 symbols
Finally, they generate a transaction that shows up in the wallet transaction history and mimics a legitimate transaction
In the screenshot below there's how it looks in the Safe{Wallet} UI. As you can see, a scammer sent an equal amount of USDC (which is a fake USDC but has the same symbol) and used an address that has the same 3 first symbols and 4 last symbols.
What happens next, usually, is a wallet user might copy the scammer's address thinking that they copy a legitimate one, and send real money to it.
How Safe{Wallet} protects users from address poisoning
We detect the transactions that look like imitations, using the criteria described above, plus the fact that a transaction wasn't executed by Safe itself.
These transactions are marked as malicious (see screenshot above) and a user gets a warning on copying this address (see screenshot below).
