
No, checking the first and last few characters of an address is NOT enough!


by COINS NEWS 107 Views

In another thread I saw people saying checking the first and last few characters of an address was enough. That is NOT the case.

There are attacks designed for tricking people who only check those characters, and a hardware wallet won't help you here!

I know of two different attacks (but I bet there are others) where they will:

  1. Send you a "similar" amount to something you have transferred recently, from a VERY similar address, hoping you will get confused and copy & paste the wrong address next time. For example, if you sent $1234, they might send you $0,1234 from an address where the first and last 4-6 characters match your intended recipient. Next time, if you copy and paste the address, even checking the first and last few characters, you lose your money.
  2. Another similar attack: this time they plant an OUTGOING transaction in your wallet, for zero amount (it's called a zero amount token transfer), to an address where the first and last 4-6 characters match your intended recipient. Next time, you copy and paste the address, and you lose your money.

tl;dr: First few and last few characters are NOT enough.

One example I could find, without doxxing myself:

https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48?a=0x6d4dd2535881f2c584d53743028fb23cd42427fa

(NOTE: You have to go to etherscan settings and uncheck the "hide zero-value token transfers" to see the txs, this site hides them, but wallet software does not, and that's their target) https://i.imgur.com/Ck4BFSm.png

In there you will see this:

https://i.imgur.com/CwyQQDK.png

The attacker's addresses are grayed out; notice how the real recipient address (below) and the attack address (above) are similar. Capitalization is different for some, but in the case of my wallet they were identical. I assume the attacker found a wrong capitalization to be "good enough" for the attack I found.

A hardware wallet will NOT protect you from this. If anything, in my case (Trezor One) it made it harder to spot the attack because the software, unlike sites like etherscan, doesn't do QoL stuff like hiding zero-token txs, or flagging attackers once reported.

Example of attack #1 can be found at /r/CryptoCurrency/comments/zryxd1/avoided_a_wallet_attack_zero_amount_tx_but/

Hope it helps someone not lose their money!

PLEASE, check the full address in the little screen, don't trust the first and last few characters!

submitted by /u/MyOtherAcctsAPorsche
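
Added example (not part of the original post): a pre-send check that compares a pasted address in full against a verified address book and flags look-alikes that share only their first and last characters, including planted entries in wallet history. The addresses, the address book, the history records and all function names are constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-f]{40}")

# Constructed sample addresses (not real accounts).
TRUSTED = "0x1a2b3c" + "d" * 28 + "4e5f60"
LOOKALIKE = "0x1A2B3C" + "7" * 28 + "4E5F60"   # same 6 leading/trailing chars, other case
BOOK = {"exchange deposit": TRUSTED}            # hypothetical verified address book

# Constructed wallet history: one real payment, one planted zero-value transfer.
HISTORY = [
    {"counterparty": TRUSTED, "value": 1234.0},
    {"counterparty": LOOKALIKE, "value": 0.0},
]

def normalize(addr):
    """Lowercase the address; hex letter case does not change which account it names."""
    a = addr.strip().lower()
    if not ADDR_RE.fullmatch(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def shared_ends(a, b):
    """Count matching leading and trailing hex characters of two addresses."""
    x, y = normalize(a)[2:], normalize(b)[2:]
    head = next((i for i in range(40) if x[i] != y[i]), 40)
    tail = next((i for i in range(40) if x[-1 - i] != y[-1 - i]), 40)
    return head, tail

def check_recipient(candidate, book, min_ends=4):
    """Classify candidate as trusted (full match), lookalike, or unknown."""
    cand = normalize(candidate)
    for label, trusted in book.items():
        if cand == normalize(trusted):
            return ("trusted", label)
    for label, trusted in book.items():
        head, tail = shared_ends(cand, trusted)
        if head >= min_ends and tail >= min_ends:
            return ("lookalike", label)
    return ("unknown", None)

def flag_history(history, book):
    """Return history entries whose counterparty imitates a trusted address."""
    return [tx for tx in history
            if check_recipient(tx["counterparty"], book)[0] == "lookalike"]

if __name__ == "__main__":
    for tx in flag_history(HISTORY, BOOK):
        print("look-alike of a trusted address:", tx)
```

Only a full-length match returns "trusted"; an address that matches a known recipient at both ends but differs in the middle is reported as a look-alike instead of being accepted.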