Address poisoning is a form of attack in the crypto/Web3 world, especially on digital wallets like MetaMask. This attack is fraudulent and aims to deceive victims into accidentally sending crypto assets to the attacker's address.

How address poisoning works:

The attacker mimics the victim's address.

The attacker creates a wallet address that is very similar to the victim's address, particularly the first and last 4-6 digits (as those are usually what users see when verifying an address).

The attacker sends a small transaction to the victim.

The attacker then sends a small amount of tokens or "empty" transactions to the victim's wallet. The goal is simply to have the attacker's address appear in the victim's transaction history.

The victim mistakenly copies the address.

When the victim wants to send funds (for example, transferring crypto to their own wallet), they may copy the address from a previous transaction history, unknowingly copying the fake address belonging to the attacker.

Assets are lost.

As a result, assets are sent to the attacker's wallet, and the transaction on the blockchain cannot be reversed.

Tips to avoid address poisoning:

Always check the entire destination address before transferring, not just a few starting and ending digits.

Use the "Saved Addresses" or "Bookmarked Addresses" feature if available.

Use a wallet with additional security features, such as manual validation or whitelisting.

Never copy addresses from transaction history carelessly.