Direct answers about trusted address memory, protected wallets, source evidence, Transfer Check, privacy, and crypto address attacks.
ZAFU is for everyday crypto users, self-custody users, active traders, freelancers, and professional operators who want more confidence in the recipient address before funds move. The same workflow helps with a small exchange withdrawal, a repeat stablecoin payment, or a higher-value operator transfer.
Yes. ZAFU is not only for teams. It helps individuals review recipients before transfers, withdrawals, swaps, and DeFi actions by showing trusted address history, warning signals, source evidence when available, and the full segmented address.
The address book is ZAFU's local-first trusted address memory. It stores trusted contacts, protected wallets, labels, notes, and history-derived context on your device so the extension can compare new sends against addresses you already recognize.
Protected wallets are addresses you control. Marking them helps ZAFU distinguish your own wallets from external recipients during review. ZAFU still cannot read private keys, sign transactions, or move funds from those wallets.
Trusted address history means ZAFU can recognize addresses you have saved or previously interacted with through supported local history workflows. It is evidence for review, not a guarantee about the person or service currently controlling that address.
Source evidence is recent address-only copy context, such as an address copied from Telegram Web. ZAFU uses it to show whether the pasted address still matches what you copied. It does not store chat text, sender identity, group names, or message IDs.
A public checker can show format results and public warning signals. The ZAFU Extension adds private context the checker cannot see: your trusted address book, protected wallets, copied source, paste destination, and final Transfer Check inside wallet, exchange, and dapp flows.
No. ZAFU is researching shared trusted address books, operator reviews, verification receipts, and audit trails with design partners. Paid Teams and Pro products are not live yet.
Address poisoning is an attack where a scammer sends a zero-value transaction from an address that visually resembles one of your trusted contacts — same first and last characters, different middle. The fake address appears in your transaction history. When you copy an address from history to reuse it, you may copy the fake one and send funds to the attacker.
Clipboard hijacking is a malware technique where software on your computer monitors your clipboard and silently replaces any crypto address you copy with an attacker's address before you paste. The replacement is invisible. The hijacked address is the same length and format as a real address.
Address poisoning manipulates your transaction history: the attacker plants a lookalike address so you copy the wrong one yourself. Clipboard hijacking uses malware to replace the correct address you copied with a malicious one. Both attacks result in you pasting the wrong address. Both exploit the exact same window: the moment between copy and paste.
Attackers use vanity address generators: tools that brute-force millions of addresses per second until they find one matching a target prefix and suffix. For EVM addresses, matching the first 6 and last 4 characters typically takes minutes on a GPU. This is why checking only the start and end of an address is not enough protection.
In January 2026 alone, there were 3.4 million address poisoning attempts on Ethereum and more than $300 million lost to phishing. Browser-based clipboard attacks drained an estimated $713 million in 2025. These attacks scale with no marginal cost to attackers: generating 10,000 poisoning transactions costs pennies in gas on cheap L2s.
To verify a crypto address before sending: (1) Compare every character, not just the first and last few. (2) Check it against known warning lists. (3) Verify it against your own history — if it appeared as an unsolicited incoming transaction with no value, it may be a poisoning attempt. (4) Use a tool like Zafu that automates these checks at paste time, before the address reaches your wallet.
No. Address poisoning attacks specifically exploit this habit. Attackers generate addresses that share the same first 6 and last 4 characters as your trusted contacts using vanity address tools. The cautious approach is to compare the full address character-by-character, or use a tool that does it automatically.
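The full-address comparison from the two answers above, together with the copy-versus-paste check that catches clipboard hijacking, can be expressed as a small local review function. This is an added example, not ZAFU's code: the function names, the `ctx` shape, the `minEnds` threshold, and the sample addresses are all assumptions constructed for illustration.

```javascript
const EVM_RE = /^0x[0-9a-fA-F]{40}$/;

// EVM addresses are case-insensitive hex; mixed case only encodes a checksum.
function normalize(addr) {
  if (!EVM_RE.test(addr)) throw new Error(`not an EVM address: ${addr}`);
  return addr.toLowerCase();
}

// Count matching leading and trailing hex characters after the "0x".
function sharedEnds(a, b) {
  const x = a.slice(2), y = b.slice(2);
  let prefix = 0, suffix = 0;
  while (prefix < 40 && x[prefix] === y[prefix]) prefix++;
  while (suffix < 40 - prefix && x[39 - suffix] === y[39 - suffix]) suffix++;
  return { prefix, suffix };
}

// ctx = { copied, trusted: [{label, address}], history: [{direction, from, valueWei}] }
// minEnds (assumed threshold): hex characters that must match at both ends.
function reviewRecipient(pasted, ctx, minEnds = 4) {
  const addr = normalize(pasted);
  const findings = [];
  let label = null;
  // Clipboard hijacking: the pasted value is not the value that was copied.
  if (ctx.copied && normalize(ctx.copied) !== addr) findings.push("clipboard-mismatch");
  for (const entry of ctx.trusted) {
    const t = normalize(entry.address);
    if (t === addr) { label = entry.label; continue; }
    // Address poisoning: same ends as a trusted contact, different middle.
    const { prefix, suffix } = sharedEnds(addr, t);
    if (prefix >= minEnds && suffix >= minEnds) findings.push(`lookalike:${entry.label}`);
  }
  // Poisoning seed: an untrusted address that sent you a zero-value transfer.
  const seeded = label === null && ctx.history.some(tx =>
    tx.direction === "in" && BigInt(tx.valueWei) === 0n && normalize(tx.from) === addr);
  if (seeded) findings.push("zero-value-incoming");
  const verdict = findings.length ? "warn" : label ? "trusted" : "unknown";
  return { verdict, label, findings };
}

// Constructed sample data (not real addresses).
const ALICE = "0x1A2b3c4d5e6f708192a3b4c5d6e7f8090badc0de";
const FAKE = "0x1a2b3c9900112233445566778899aabbccd1c0de";
const ctx = {
  trusted: [{ label: "Alice", address: ALICE }],
  history: [{ direction: "in", from: FAKE, valueWei: "0" }],
};
console.log(reviewRecipient(FAKE, ctx));
console.log(reviewRecipient(ALICE, { ...ctx, copied: ALICE }));
```

Only an exact match on the full normalized address yields `trusted`; matching ends are treated as a warning signal and never as evidence of a match.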
A hardware wallet prompts you to verify the destination address on the physical device screen. This can protect against clipboard hijacking if you carefully read the full address on-device. However, it does not protect against address poisoning. If you already copied the wrong address from your history, you would see the poisoned address on the device screen and likely confirm it.
No. Cryptocurrency transactions are irreversible. Once confirmed on-chain, funds cannot be recovered without the recipient's cooperation. This is why prevention — catching the wrong address before you send — is the only effective protection.
ZAFU is a free Chrome extension for address confidence before crypto sends. It combines trusted address memory, source evidence, full address review, clipboard hijacking detection, address history checks, curated warning lists, community-reported addresses, and GoPlus real-time threat data. It never touches your wallet, private keys, or signing process.
Transfer Check is the extension's final review before a crypto address reaches a wallet, exchange, or dapp field. It summarizes copied-address match, source evidence when available, warning signals, field context, and the full segmented address so you can review before sending.
No. The free extension and checker are built for everyday crypto users too. ZAFU is researching additional team workflows, but those future products are separate from the live free tools.
When Zafu users report a suspected attacker address, the report is added to a community signal pool. Once an address accumulates enough independent signal weight, Zafu can warn other users. Community-reported means high risk; team-reviewed or trusted external confirmation is required before stronger "confirmed malicious" language is used. The Security Model explains the current privacy and review boundaries.
Zafu sends pasted EVM addresses to GoPlus for real-time threat checks, public wallet addresses to Etherscan or Solscan only when you fetch history, and suspected attacker addresses to Zafu community reports if you report them or opt in to automatic threat signals. Labels, notes, trusted contacts, private keys, seed phrases, and wallet credentials stay on your device.
The Chrome extension source is public and auditable at github.com/jimozo/zafu-extension. Zafu's private operating repo also contains website, backend, launch, and automation work that is not part of the public extension release. The extension uses no bundler, no CDN scripts, and no npm dependencies, so the release source is readable. Zafu also ships a verifiable install fingerprint you can compare in Settings to confirm your install matches the published release.
Chrome shows that warning because Zafu must see crypto-address paste events before the destination field accepts them. That is how it can catch clipboard hijacking and address poisoning at the paste moment. Zafu does not request tabs or activeTab, does not read browser history, does not run advertising analytics, and only activates address-checking logic when a crypto address is pasted in a relevant wallet, exchange, or dapp context.
Zafu works with any web-based wallet or exchange: MetaMask, Rabby, Phantom, Coinbase Wallet, Binance, Kraken, Uniswap, Aave, and hundreds more. Zafu operates at the browser level, intercepting paste events regardless of which wallet or dApp you use. It does not require wallet integration or any special permissions from your wallet.
Yes. Zafu detects clipboard hijacking, address poisoning, and scam addresses for both EVM addresses (Ethereum, Arbitrum, Base, Polygon, and all EVM-compatible chains) and Solana addresses (including system program impersonation detection). ENS name resolution is also supported for EVM, and v1.1.7 adds local TRON validation and comparison.
Free Chrome extension. Trusted address memory, source evidence, Transfer Check, and no wallet access.
Public extension source · Optional anonymous counts · Zero wallet access