Crypto cybersecurity firm Trugard and onchain trust protocol Webacy have introduced an artificial intelligence-based system designed to combat crypto wallet address poisoning. This new tool aims to protect crypto users from a sneaky scam that could result in loss of funds.
According to a May 21 announcement, this AI-driven system is integrated into Webacy’s crypto decisioning tools. It employs a supervised machine learning model trained on live transaction data, coupled with onchain analytics, feature engineering, and behavioral context.
The tool reportedly achieves a 97% success rate, based on tests conducted across known address poisoning cases. Maika Isogawa, co-founder of Webacy, emphasizes the severity of the threat, stating, “Address poisoning is one of the most underreported yet costly scams in crypto, and it preys on the simplest assumption: That what you see is what you get.”
Understanding Crypto Address Poisoning
Crypto address poisoning is a deceptive tactic where attackers send small amounts of cryptocurrency to a wallet address that closely resembles the target’s actual address. The attacker’s address often shares the same starting and ending characters, making it easy to mistake for the correct one. The goal is to trick the user into inadvertently copying and reusing the attacker’s address in future transactions, leading to a loss of funds.
This technique exploits the common practice of users relying on partial address matching or clipboard history when making crypto transactions. A January 2025 study revealed that over 270 million poisoning attempts occurred on BNB Chain and Ethereum between July 1, 2022, and June 30, 2024. Alarmingly, 6,000 of these attempts were successful, resulting in losses exceeding $83 million.
How the AI Tool Works
Trugard CTO Jeremiah O’Connor explains that the team leverages their extensive cybersecurity expertise from the Web2 world, applying it to Web3 data. They use algorithmic feature engineering, a technique well-established in traditional systems, to analyze Web3 transactions.
O’Connor notes that existing Web3 attack detection systems often rely on static rules or basic transaction filtering, which struggle to keep pace with evolving attacker tactics. In contrast, the newly developed system employs machine learning to create a dynamic defense that learns and adapts to address poisoning attacks. He highlights the system’s emphasis on context and pattern recognition, while Isogawa adds that AI can detect patterns that are often beyond the scope of human analysis.
The Machine Learning Approach in Detail
To train the AI, Trugard generated synthetic training data that simulates various attack patterns. This allowed the model to learn in a controlled environment. The model was then trained using supervised learning, a technique where it learns from labeled data, including input variables and the corresponding correct output.
The objective is for the model to discern the relationship between inputs and outputs, enabling it to accurately predict the correct output for new, unseen inputs. Supervised learning is commonly used in applications such as spam detection, image classification, and price prediction.
O’Connor emphasizes that the model is continuously updated with new data as attack strategies evolve. Furthermore, a synthetic data generation layer allows for continuous testing of the model against simulated poisoning scenarios. This ensures the model remains robust and adaptable over time.
Key Benefits of the AI-Powered System:
- High Accuracy: Boasts a 97% success rate in detecting address poisoning attempts.
- Adaptive Learning: Uses machine learning to adapt to new and evolving attack tactics.
- Contextual Analysis: Emphasizes context and pattern recognition for more accurate detection.
- Continuous Improvement: Updated with new data and tested against simulated scenarios to maintain robustness.
Protecting Yourself from Address Poisoning
While this AI-powered tool provides a significant layer of protection, crypto users should also take proactive steps to safeguard their funds:
- Double-Check Addresses: Always verify the full address before sending cryptocurrency.
- Use Address Books: Store frequently used addresses in your wallet’s address book.
- Be Cautious of Small Transactions: Be wary of unexpected small transactions from unknown addresses.
- Use Security Tools: Consider using wallets or browser extensions that offer address poisoning detection features.
By combining advanced AI-driven solutions with proactive user awareness, the crypto community can effectively combat address poisoning attacks and protect their digital assets.
