TLDR
Attacker uses vanity address generator (profanity/vanity eth) to create address matching victim's recent counterparty in first 4 + last 4 chars. Sends zero value or 1 wei tx from this lookalike. Victim then copies attacker's address from...
How it works
Attacker uses vanity address generator (profanity/vanity eth) to create address matching victim's recent counterparty in first 4 + last 4 chars. Sends zero value or 1 wei tx from this lookalike. Victim then copies attacker's address from...
Red flags
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What to do
- 1WHAT TO DO: NEVER copy addresses from tx history; verify FULL 40 char address; use ENS/saved contacts.
- 2IF VICTIM: tx irreversible; report attacker wallet to Etherscan label + Chainabuse.
Source
Etherscan-AddressPoisoning
Source reviewed by Mythos Forensic Team
https://info.etherscan.com/what-is-address-poisoning/FAQ
Is Address poisoning — zero value tx from vanity lookalike a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What should I do first?
WHAT TO DO: NEVER copy addresses from tx history; verify FULL 40 char address; use ENS/saved contacts.; IF VICTIM: tx irreversible; report attacker wallet to Etherscan label + Chainabuse.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.