Ledger took to X to reveal how crypto users are targeted by a scam known as “address poisoning”.
Address poisoning is a scam where scammers ‘poison’ a user’s wallet by sending a small amount of crypto or an NFT disguised as a voucher. The aim is to trick users into copying the scammer’s wallet address from their transaction history and returning the voucher. This will send funds to the scam account instead of a legitimate one.
“These dummy transactions are meant to deceive you into believing that you sent funds to their address in the past – but unless you initiate a transaction to one of these addresses on your own and sign the transaction with your Ledger, no value will actually be transferred from your account,” Ledger tweeted.
Scammers have been using open-source software to create addresses similar to Ledger addresses. They may create addresses with the same first four or five characters and the last four or five characters to trick users into sending them assets.
The scam has been particularly prevalent among users of Ledger Live, a crypto wallet management tool.
How to avoid the scam
If there are concerns that a wallet may be compromised or notice a suspicious transaction on an account, it’s best to disregard or ignore the transaction and the associated addresses.
Clicking on or following a link in a malicious NFT is insufficient to jeopardize a wallet. The only potential risks to wallets include sharing or typing out a 24-word recovery phrase or signing a malicious transaction with a Ledger device.
It’s best to avoid engaging with any unwanted tokens or addresses. Ledger advised users to right-click and ‘hide’ the token to remove it from visual sight.
In general, it’s best to be cautious of malicious links in a wallet that could lead to scam websites attempting to trick users into sharing sensitive information or authorizing harmful transactions.