CZ is calling on the cryptocurrency industry to eradicate address poisoning attacks by having wallets automatically check for malicious addresses, block transactions, and hide small-value spam transactions.
In a December 24th post on Binance Square, CZ argued that this problem can be solved using blockchain queries and real-time coordination mechanisms between parties, rather than relying on users to identify risks themselves.
- The wallet should automatically check if the receiving address is being poisoned and block the user.
- There should be a security alliance that maintains a blacklist in real time.
- Wallets should hide spam transactions and filter out small-value transactions.
CZ's proposal to block address poisoning.
CZ suggests that cryptocurrency wallets can block address poisoning by checking the recipient's address, cross-referencing in real-time, and filtering out spam transactions.
According to CZ, every wallet should determine XEM the receiving address is a poisoning address and automatically block users who send emails by mistake. He emphasized that this is a blockchain query, implying it can be performed directly using on-chain data without complex manual processes.
CZ also suggested that security alliances in the industry maintain real-time blacklists of malicious addresses for wallets to check before sending transactions. Besides blocking incorrect sends, he argued that wallets shouldn't display spam transactions anywhere; if a transaction is of small value, it should be filtered out of the interface to reduce interference.
Deployment status and examples from Binance Wallet
CZ said Binance Wallet has implemented a verification mechanism and will warn users when they attempt to send money to a malicious address.
In the post, CZ clarifies that Binance Wallet has implemented this type of check. When a user attempts to send assets to a malicious address, the wallet issues a warning to prevent the fraudulent operation. This approach focuses on blocking the transaction before it is sent, rather than only addressing it after the user has lost funds.
CZ concluded that the wallet ecosystem should prioritize user protection through secure defaults: blocking malicious addresses, real-time blacklisting, and hiding or filtering spam transactions, especially small-value transactions, to reduce the likelihood of users being tricked into copying addresses.
