Skip to main content
All CollectionsTransactions
What is address poisoning and how does Safe{Wallet} battle it
What is address poisoning and how does Safe{Wallet} battle it
Andrei Kirkkonen avatar
Written by Andrei Kirkkonen
Updated over a week ago

Address poisoning (or "address spoofing") is a relatively new way of tricking crypto wallet users and making them send funds to scammers.

How it usually works

  • A malicious actor scans a victim's transaction history to identify addresses that are frequently used for outbound ERC20 transfers

  • Then they generate one or more addresses that look very similar to the above, normally having the same (or almost the same) last 4 symbols

  • Finally, they generate a transaction that shows up in the wallet transaction history and mimics a legitimate transaction

In the screenshot below there's how it looks in the Safe{Wallet} UI. As you can see, a scammer sent an equal amount of USDC (which is a fake USDC but has the same symbol) and used an address that has the same 3 first symbols and 4 last symbols.

What happens next, usually, is a wallet user might copy the scammer's address thinking that they copy a legitimate one, and send real money to it.

How Safe{Wallet} protects users from address poisoning

We detect the transactions that look like imitations, using the criteria described above, plus the fact that a transaction wasn't executed by Safe itself.

These transactions are marked as malicious (see screenshot above) and a user gets a warning on copying this address (see screenshot below).

Did this answer your question?