> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Address Poisoning

> Learn how address poisoning attacks use look-alike wallet addresses and dust transactions to trick you into sending crypto to scam wallets.

## Overview

**Address poisoning** is a social engineering attack where attackers send small transactions from addresses that look similar to ones you've previously interacted with. The goal is to trick you into copying the wrong address when making future transfers.

<Warning>
  Address poisoning has caused millions in losses. Always verify the full address, not just the first and last few characters.
</Warning>

## How It Works

1. **Monitoring**: Attacker watches your transaction history
2. **Address Generation**: Creates address with similar start/end characters
3. **Poisoning**: Sends tiny transaction (dust) to your wallet
4. **Deception**: Fake address appears in your transaction history
5. **Theft**: Victim copies poisoned address for next transfer

## Example Attack

Your regular recipient:

```text theme={null}
0x1234...abcd
```

Poisoned address (looks similar):

```text theme={null}
0x1234...abce
```

The attacker generates an address matching the first 4 and last 4 characters, hoping you'll copy from history without verifying the full address.

## Detection Indicators

| Tag                 | Severity | Description                           |
| ------------------- | -------- | ------------------------------------- |
| `address_poisoning` | High     | Address involved in poisoning attacks |

## Why It's Effective

* **Transaction history UI**: Most wallets show truncated addresses
* **Copy habits**: Users often copy from recent transactions
* **Similar appearance**: Human eyes struggle with hex comparison
* **Low cost**: Generating similar addresses is computationally cheap

## Vulnerable Scenarios

### High Risk

* Copying addresses from transaction history
* Using auto-complete in wallet apps
* Sending large transfers without verification

### Lower Risk

* Using saved address book entries
* Scanning QR codes directly
* Verifying full addresses character by character

## API Example

```bash theme={null}
# Check if an address has been involved in poisoning
curl -X GET "https://api.webacy.com/addresses/0x123.../poisoning?chain=eth" \
  -H "x-api-key: YOUR_API_KEY"
```

Response example:

```json theme={null}
{
  "poisoning_detected": true,
  "status": "success",
  "summary": {
    "total_suspicious": 1,
    "high_risk_count": 1
  },
  "suspicious_transactions": [
    {
      "from": "0x1234567890abcdef1234567890abcdef12345678",
      "to": "0x2e5df068f6cF3A1A3e0A70951c685021CB2954C0",
      "tx_hash": "0x79e7b0a45a73b86fe51882d2553355e15bda7bebb6c3e222c09d8fd2f43aa076",
      "similar_to": "0x1234567890abcdef1234567890abcdef12345679",
      "similarity": 0.95,
      "levenshtein": 2,
      "suspicion_score": 0.85,
      "token_name": "USDT",
      "value": "0"
    }
  ]
}
```

## Protection Strategies

1. **Verify full addresses** - Check every character, not just start/end
2. **Use address books** - Save verified addresses in your wallet
3. **Double-check large transfers** - Extra verification for significant amounts
4. **Ignore dust transactions** - Don't interact with unexpected small deposits
5. **Use QR codes** - When available, scan rather than copy/paste
6. **Enable address validation** - Some wallets can warn about similar addresses

## Wallet Best Practices

```javascript theme={null}
// Never trust truncated addresses
const isSameAddress = (addr1, addr2) => {
  // Always compare full addresses, case-insensitive
  return addr1.toLowerCase() === addr2.toLowerCase();
};

// Bad: Only checking first/last characters
const badCheck = addr.slice(0,6) === saved.slice(0,6); // DON'T DO THIS
```
