Table of Contents
Imagine sending your hard-earned crypto to what appears to be the correct address, only to discover a scammer has cleverly duped you.
This is the reality of address poisoning, a growing threat in the crypto world that inflicted at least $83.8 million in losses on crypto users between July 2022 and June 2024.
As this type of attack becomes more sophisticated and widespread, it’s crucial for every crypto user, from casual traders to seasoned investors, to understand how address poisoning works, why it’s so effective, and most importantly, how to avoid falling victim.
What is Address Poisoning in Crypto?
Address poisoning, also known as address spoofing, is a new scamming technique where a scammer attempts to confuse a wallet owner by sending them tiny bits of crypto with a fake wallet address that looks very similar to theirs. Then the owner sends funds to the scammer’s address, thinking it’s theirs. This scamming method is not as dangerous as phishing and hacking, but a victim can still lose their funds this way.
Address poisoning is so named because the perpetrators can successfully poison or contaminate the transaction history of their victims’ addresses by introducing dummy transactions. it is one of the newest vulnerabilities of the Web3, but victims can nip it in the bud if they know how it works.
How Does Address Poisoning Work?
We have divided this scam into three steps or stages. The scam isn’t successful until the third stage. The three stages are
- Address duplication
- Address poisoning
- Cryptocurrency rerouting
Let’s see how these crypto thieves get their hands on crypto funds.
1. Address Duplication
Firstly, transactions on the blockchain are public because the blockchain is a public ledger. This means anyone who cares to check can see your wallet address in the transaction history using a block explorer.
The scammers run these checks and gather a bunch of wallet addresses. Then they generate fake addresses called ‘vanity addresses’ that look similar to the ones they copied off the blockchain transaction history.
They can do this because crypto addresses are lengthy strings of numbers and letters that are difficult to memorise. So they generate addresses with the same first and last few characters as their intended victims. This is the first step before they go ahead to poison the addresses.
2. Address Poisoning
An address is poisoned when a scammer successfully sends tokens to it, creating a transaction history with a similar-looking address. This is the second step, and it is done to bait careless wallet owners.
Usually, the tokens sent are worthless or of very negligible value. Sometimes, it might even be an NFT. The scam has been more prevalent on the Polygon, Binance Smart Chain and even Ethereum blockchains because of the low transaction fees.
3. Crypto Rerouting
The attack is complete if you, as the wallet owner, copy the scammer’s address, and transfer funds to it, thinking it’s yours. It could be by giving the fake address to someone who wants to send you crypto or transferring your funds from a centralised exchange. We have tagged it crypto rerouting because, at this point, if you make any transaction, the tokens are rerouted to the scammer’s address.
Therefore, ensuring you do not complete the scam depends on your eye for detail and carefulness as a crypto wallet owner. But this can happen to even the most meticulous wallet users.
Also read: 5 Bitcoin Scams To Avoid
Real-World Examples of Address Poisoning Attacks
Here are some examples of address-poisoning attacks in crypto:
1. $2.6 Million USDT Loss (May 2025)
In May 2025, crypto security firm Cyvers announced to the world via X that a crypto trader had lost $2.6 million to an address poisoning scam. The trader initially lost $843,000 USDT before losing $1.75 million USDT to the same scammer three hours later.
2. EOS Blockchain Attack (March 2025)
In March 2025, SlowMist, a popular blockchain security company, raised an alarm about an address poisoning attack on the EOS blockchain.
The company warned that cyber criminals sent small amounts of EOS from lookalike addresses similar to major exchanges like Binance and OKX to trick users into sending their cryptocurrencies to these fraudulent addresses.
Risks of Address Poisoning
Address poisoning may seem harmless if the wallet holder catches the fake transactions before they mistakenly send crypto to the scammers. But on a closer look, When a crypto wallet address is poisoned, there are a few risks this poses to the wallet owner.
1. Losing All Owned Assets to Malicious Actors.
If a wallet holder falls prey to this attack, they could transfer many of their assets to the scammer before realising the error. At that point, it’s too late because transactions on the blockchain are irreversible.
They can transfer their assets from a centralised exchange to the scammer’s wallet, thinking it’s theirs. They could also reroute any crypto sent from another address to the scammer’s address.
2. Falling victim to other attacks, such as phishing or dusting attacks.
Address poisoning and dusting attacks start similarly but with different intentions. If your address is poisoned, the scammer can exploit the opportunity in various ways. They could send you NFTs with links to phishing sites or malware.
They could also carry out a dust attack to uncover your identity and blackmail you into doing whatever they want. Mostly, the end goal of all these crypto attacks is to steal crypto from unsuspecting holders, except in cryptojacking where they want to install malware on your computer to secretly use it for mining purposes.
How Do You Prevent Address Poisoning?
Technically, you cannot prevent a scammer from poisoning your address. However, you can take certain preventive measures to avoid falling victim to the address poisoning scam. Follow these best practices to avoid falling into this scam.
1. Use a Wallet Address Book.
Whether you have noticed a dummy transaction on your transaction history or not, it is wise to use s wallet address book. This contact list provides you with a record of the original addresses you interact with, including yours. Having an address book will eliminate the need to copy/paste addresses from your old transactions.
2. Use Cold Hardware Wallets
There are two reasons why cold wallets are much safer than hot wallets. The first is that it is difficult for just anyone to access the private keys. The second is that most hardware wallets have address confirmation software embedded in them. For example, the Ledger hardware wallet displays the address on the hardware. Therefore, using cold wallets can help reduce the risk of address poisoning to the barest minimum.
3. Test Your Addresses With Smaller Amounts.
Despite being extra careful by double-checking the addresses before sending funds, it’s still good to test the waters to be extra sure. You can send tiny bits of crypto to the intended address to be sure it’s the right one.
The only reason this option is unpopular is because of the extra gas fees for each transaction. However, spending an additional fee is better to ensure your funds land safely in the destination wallet, especially if you suspect that your wallet has been poisoned.
Note📌: If your wallet has been poisoned and you see that the scammer sent an NFT, do not click the link. Some wallets give the option to hide the NFT. Hiding it will help you avoid interacting with it if it contains phishing links.
The rise of this new scam method impresses even more on crypto holders to be more vigilant by using trusted crypto exchanges and wallet providers. It is especially crucial because some exchanges may not possess the level of security needed to protect your funds from attacks like this. The same goes for wallet providers and maybe even more since your wallet generates and safeguards your private keys.
How To Handle An Address Poisoning Attack
1. Stop All Outgoing Transactions Immediately
If you’ve just realized you may have copied a poisoned address, pause. Do not send any more crypto until you’ve reviewed everything carefully. Take a moment to manually verify the recipient’s address.
2. Review Your Transaction History Thoroughly
Go through your wallet’s recent activity and check for tiny, random transactions, usually a very small amount from unfamiliar addresses that look similar to ones you’ve interacted with. These are likely the poisoned addresses.
3. Create a Verified Contact List or Address Book
Don’t rely on memory or transaction history going forward. Instead, create a personal wallet address book using verified addresses. Label each address clearly (for example, “My Binance,” “John’s ETH wallet”) to avoid future mix-ups.
4. Move Funds to a Fresh Wallet
If you feel uneasy, consider transferring your funds to a new, clean wallet. This helps you start fresh without poisoned addresses lingering in your transaction history.
Verify every destination address manually, and if possible, use a cold or hardware wallet.
5. Report the Scam
While there’s no guarantee of recovering your funds, it’s still worth reporting the scam. You can contact your wallet provider or exchange to inform them about the scam or report the scam address on Etherscan, BscScan, or similar platforms.
How to Recover From a Poisoning Attack
1. Accept the Loss and Stop Further Transfers
If you send crypto to a poisoned address, the funds are gone, as blockchain transactions are final. You can immediately stop any further outgoing transactions until you verify your wallet’s safety and clean up your habits.
2. Clean Your Transaction History
You can’t delete your on-chain history but can stop relying on it. Instead, use a wallet that supports address books or contacts, where you save trusted addresses and ensure manual verification of all future transactions.
Also, ignore any tiny, suspicious transactions in your history. They’re likely poisoned entries meant to trick you again.
3. Tighten Wallet Security Habits
Start using these smarter habits going forward:
- Always verify full wallet addresses, not just the first and last few characters
- Avoid copying addresses from transaction history
- Enable notifications for wallet activity (if supported)
4. Report the Scam
Even if you can’t recover your funds, reporting helps protect others and raises their awareness of such tactics. So, flag the scam address on a blockchain explorer such as Etherscan, BscScan, or Solscan.
Alternatively, you can contact the customer support of your wallet provider, such as MetaMask, Ledger, or Trezor. These companies often urge their users to contact Customer Support immediately if they notice suspicious transactions or have inadvertently rerouted funds to a spoofed address.
Frequently Asked Questions (FAQs) About Address Poisoning in Crypto
Why is Address Poisoning Effective in Crypto Scams?
Address poisoning is effective in crypto scams because most wallet apps show only an address’s first and last few characters. Scammers exploit this by sending crypto from lookalike addresses, tricking users into copying the wrong one.
How Do I Know if My Wallet Address History is Poisoned?
You’ll know your address history is poisoned when you notice tiny incoming transactions from unfamiliar addresses that closely resemble those you’ve interacted with. These are usually inserted to trick you during future transfers.
Can You Recover Funds Lost to Address Poisoning?
You cannot recover funds lost to address poisoning, as crypto transactions are irreversible.
Once you send funds to a scammer’s address, you cannot get them back unless the scammer agrees to negotiate with you, if you are lucky, to send part of the funds back. However, most often, your best option is to report the scam and secure your wallet.
Conclusion
Address poisoning is a relatively new scamming technique that targets active wallet owners. It depends on a user’s negligence and carelessness and can happen to anyone. A poisoned address can still be used without the risk of losing funds if the user follows best practices such as double-checking addresses and even using cold hardware wallets.
Remember to report any suspicious transaction on your address and reach out to customer support if you discover that you’ve been scammed.
As far as crypto attacks are concerned, this is the one attack that requires just the carelessness of the holder to be successful. Hence, we advise every crypto holder to be more careful with their wallets and addresses.
Last updated on July 2, 2025
