Binance's New Security Algorithm

The security experts at Binance, the world's largest cryptocurrency exchange, have developed a groundbreaking algorithm to counter the rising threat of address poisoning scams.

These scams trick investors into sending funds to fraudulent addresses. According to a report shared with Cointelegraph, Binance's new tool has already detected millions of such addresses.

"We have developed a unique method of identifying poisoned addresses, which helps us to alert users before they send money to criminals," Binance's report stated. The algorithm has flagged over 13.4 million spoofed addresses on BNB Smart Chain and 1.68 million on Ethereum.

How Address Poisoning Works

Address poisoning, or spoofing, involves scammers sending a small amount of digital assets to a wallet that closely resembles the potential victim's address.

The fraudulent address is then part of the wallet's transaction history. The scammer hopes the victim will accidentally copy and send funds to the spoofed address.

Binance's algorithm identifies suspicious transfers, such as those with near-zero value or unknown tokens. It pairs these transfers with potential victim addresses and timestamps malicious transactions to find the likely point of poisoning.

Collaboration with HashDit

The spoofed addresses are registered in the database of Web3 security firm HashDit, Binance's security partner. This will help protect the broader crypto industry from poisoning scams.

"Many cryptocurrency service providers use HashDit's API to boost their defenses against various scams," Binance's report highlighted. Trust Wallet, for instance, uses this database to alert users when they are about to transfer funds to a spoofed recipient.

Address Poisoning Incident

The need for such an algorithm became particularly evident two weeks ago. An unknown trader lost $68 million to an address-poisoning scam. On May 3, they accidentally sent $68 million worth of Wrapped Bitcoin (wBTC) in a single transaction to a spoofed address.

The thief returned the $68 million on May 13. This occurred after numerous on-chain investigators started shedding light on his potential Hong Kong-based IP addresses. This suggests that the scammer wasn't a white hat hacker but a thief who became scared of the public attention following the scam.

"Address poisoning scams may seem easily avoidable, but most traders only verify the first and last digits of the wallet's 42 alphanumeric characters."

The Future of Crypto Security

Scammers rely on vanity address generators to customize their addresses to seem less random or more similar to a given address. An authentic Ethereum address like 0x19x30f...62657 could be spoofed using a similar-looking 0x19x30t...72657, which can be totally different in the middle while maintaining the first and last few characters.

Binance's algorithm will also help flag spoofed addresses on HashDit's user-facing products, web browser extensions, and MetaMask Snaps. This development marks a significant step forward in the ongoing battle against crypto scams, aiming to make the digital world safer for all users.