Address Poisoning Scams
Address poisoning is a wallet scam that uses lookalike destination addresses to mislead users during routine wallet activity. In Bittensor, the address-poisoning guide frames the risk around checking destination addresses before signing value-bearing actions (Address Poisoning Scams).
The concept is a prevention topic. It explains how a valid-looking address can still be the wrong destination, especially when interfaces abbreviate long addresses.
Lookalike Address Risk
The scam works by making an unintended destination look familiar enough to trust. Long wallet addresses are often shortened in interfaces, and a malicious address can resemble a legitimate one at the visible edges (Address Poisoning Scams).
That makes address display part of the risk. The visible prefix or suffix may look familiar while the full address points somewhere else.
Wallet Context
Bittensor wallets are used for actions involving TAO and subnet participation. Wallet documentation places wallets around signing, access, and stake management, while the address-poisoning guide focuses on the destination chosen for a value-bearing action (Wallets, Address Poisoning Scams).
This makes destination review a wallet-safety concern, not a cosmetic interface detail. The wallet may be functioning normally even when the chosen destination is wrong.
Recent-History Trap
Address poisoning often abuses convenience. A lookalike address may appear near legitimate wallet activity, so selecting from recent history can feel safer than it is (Address Poisoning Scams).
The trap is contextual familiarity. A user may recognize the apparent shape of an address without confirming that the complete destination matches the intended recipient.
Destination Verification
The core safety boundary is destination verification before signing. The relevant question is not only whether an address is syntactically valid; it is whether that address is the intended destination (Address Poisoning Scams).
This distinction keeps prevention focused on the final destination. Visual familiarity, recent history, and address validity do not replace full-destination confirmation.
Valid-Address Boundary
Address poisoning depends on a subtle distinction: the scam address can be a real wallet address and still be the wrong recipient. The wallet-address glossary describes addresses as public-key-derived identifiers, while the address-poisoning guide focuses on checking the intended destination before signing a value-bearing action (Glossary: Wallet Address, Address Poisoning Scams).
For readers, validity and intent should stay separate. A valid-looking address may pass format checks, but it still needs to match the recipient the user actually meant to pay.
Address Terms
Address poisoning targets wallet-address interpretation. A wallet address is a public-key-derived identifier used for sending and receiving TAO, while a public key is shareable key material used for account reference (Glossary: Wallet Address, Glossary: Public Key).
The scam exploits confusion between valid identifiers. It does not require the intended address to become invalid; it only needs the wrong address to be selected.
Recovery Boundary
Wrong-destination actions are prevention-first risks. The address-poisoning guide warns that outside organizations may not be able to recover tokens lost through theft, scams, or accidental key loss (Address Poisoning Scams).
That makes the topic different from a recovery workflow. The safety value comes from confirming the destination before the action is signed.
Development Stage Context
The Introduction to Bittensor describes subnet development as moving from localnet to testnet and then mainnet. Bittensor documentation also separates mainnet, testnet, and localnet environments (Bittensor Networks).
Address poisoning is still a wallet-safety concept across environments because the risky step is choosing a destination address. The consequence, however, depends on the environment and action. A mainnet loss, a testnet example, and a local demonstration do not carry the same value exposure.
Reader Boundary
Address poisoning scams should be read as destination-verification risk. The term is not a wallet bug, a public-key failure, or a recovery guarantee (Address Poisoning Scams, Wallets).
The stable reference point is that a familiar-looking address can be valid and still be the wrong destination.
Vanity Generation Matches Edge Characters
The Address Poisoning Scams guide explains that attackers do not need to compromise an existing wallet to produce a dangerous lookalike. They use vanity address generation: searching through many newly generated key pairs until one yields a wallet address whose visible beginning and ending characters match a target they want to impersonate.
Official documentation describes that search as computationally expensive but still profitable when a user later sends value to the wrong destination. A regular user cannot pick a personal address directly, but an attacker can keep generating pairs until the visible edges line up with someone they observed on-chain or in a shared payment request.
That mechanism sits upstream of interface abbreviations. The scam address is a real, independently generated destination whose similarity is manufactured at the character edges rather than through any defect in the victim’s coldkey or wallet software.
References: Address Poisoning Scams, Glossary: Wallet Address
Dust Transfers Seed Wallet History
Address poisoning often begins with a tiny inbound transfer. The official guide warns that unexpected transfers for very small amounts are likely attempts to seed a wallet’s transaction history with a lookalike address (Address Poisoning Scams).
Those dust movements are not meant to steal funds through the micro-payment itself. They are setup steps that place a confusing destination near legitimate activity so a hurried copy from recent history feels plausible later. The trap depends on that seeded entry being treated as familiar context rather than on breaking address validity rules.
Recognizing dust as a probable poisoning signal therefore belongs to attack recognition, not only to the final send step. A surprise small credit can be the moment the trap address enters the wallet surface a user later trusts when moving TAO.
References: Address Poisoning Scams, Glossary: Transfer
Wallet Tools Can Flag Suspicious Addresses
Official guidance notes that some wallet applications and blockchain scanners now flag suspicious addresses or hide poisoning attempts, and it recommends keeping wallet software updated (Address Poisoning Scams). The same page states that the TAO.app UI includes a warning for addresses flagged as suspicious.
Those warnings sit alongside user-side destination verification rather than replacing it. A flagged lookalike may be blocked or highlighted before a value-bearing action is signed, but the underlying risk still begins with selecting the wrong wallet address.
Tooling updates therefore change how early the trap surfaces, not whether a manufactured lookalike can exist on-chain. Updated wallet surfaces can shrink the window where a seeded address looks normal in history alone (Wallets).
References: Address Poisoning Scams, Wallets
Relationship to Coldkey
Address poisoning and the coldkey are related but different wallet-safety terms. Address poisoning names a destination-selection deception that plants a lookalike wallet address for a value-bearing action, while a coldkey names the key that owns a wallet and authorizes its funds (Address Poisoning Scams, Glossary: Coldkey).
For readers, address poisoning targets which destination is chosen, not the security of the key that signs. The scam address is an independently generated wallet address, so it does not depend on any defect in the victim’s coldkey or wallet software (Glossary: Wallet Address).
These terms sit on different layers. A coldkey is the authority that approves an action, while address poisoning can work even when that authority is intact, because it relies on the user directing a legitimately signed action to the wrong recipient (Address Poisoning Scams).
Readers should not treat an uncompromised coldkey as protection against address poisoning, or read an address-poisoning loss as evidence that the coldkey itself was breached.