The crypto market has surged in 2024, with trading volumes reaching $141.04 trillion. Unfortunately, scams have kept pace, and “address poisoning” has emerged as a highly effective tactic targeting both new and seasoned traders. This blog breaks down what address poisoning is, how it works, and how to protect yourself from this deceptive scam.
With cryptocurrencies reaching all-time highs and retail investors increasingly entering the market, scams targeting crypto holders have become more sophisticated. One of the latest threats is “Address Poisoning,” a subtle but effective scam aimed at deceiving unsuspecting investors. Here’s how the scam works and what you can do to protect yourself.
What Is Address Poisoning in Cryptocurrency?
Address poisoning is a scam that exploits the way cryptocurrency wallets record transaction history. The scammer sends a small amount of crypto (often just a fraction of a cent) to the victim’s wallet from an address that closely mimics one the victim recently interacted with. The goal is to “poison” the victim’s transaction history with a fake address, hoping they will mistakenly send funds to it in the future.
How Do Scammers Poison Wallet History?
With the transparent nature of blockchain transactions, scammers can identify a target address and monitor its activity. Once they spot a pattern—such as repeated transactions with a particular wallet—they create and use a similar-looking wallet address to send a small amount of cryptocurrency to the victim. This fake address is designed to mimic the wallet the victim frequently interacts with, tricking them into selecting it in future transactions.
For example, say a user regularly transfers Ethereum from their Coinbase account to their MetaMask wallet. The genuine MetaMask wallet address 0xABC123789XYZ. A scammer, observing these transactions on the blockchain, creates a fake Ethereum address that closely resembles the user’s wallet, such as 0xABC124789XVZ.
To execute the scam, the scammer sends a negligible amount of Ethereum (e.g., $0.01 worth) to the user’s wallet from this fake address. This action “poisons” the user’s transaction history by inserting the fake address alongside their legitimate ones.
Later, when the user wants to transfer more Ethereum from Coinbase to their MetaMask wallet, they quickly copy an address from their transaction history, mistakenly selecting the scammer’s fake address. Believing it to be their MetaMask wallet, they proceed with the transaction. Instead of going to their actual MetaMask wallet, the Ethereum is sent directly to the scammer’s wallet, resulting in a loss of funds.
The scam relies on human error and the assumption that transaction history is reliable. Many users copy-paste wallet addresses from their history without verifying each character, making them vulnerable to this attack
Real-World Stats & Examples: A Painful $68M Case study
Recent research highlights just how widespread address poisoning has become in the crypto space. Analysts recorded more than 270 million on-chain poisoning attempts, targeting around 17 million wallet addresses across major blockchains. Losses from these scams are estimated at over USD $83.8 million, with attackers exploiting small, lookalike transactions to slip poisoned addresses into transaction histories. Alarmingly, studies show that the majority of wallets still do not provide effective warnings against this type of attack, meaning users remain highly vulnerable unless they adopt proactive security measures.
In May 2024, a crypto whale lost an estimated $68 million in wrapped Bitcoin (WBTC). A Twitter (X) post by Scam Sniffer | Web3 Anti-Scam made a post that “2 hours ago, another victim lost $68 million by copying the wrong address from a contaminated transfer history.”
In the image above, the addresses outlined in green indicate a transaction from this account to a trusted address. The addresses outlined in red is for a transaction from a phishing address to this account.
The victim: 0x1E227979f0b5BC691a70DEAed2e0F39a6F538FD5
The correct address the victim sent WBTC to: 0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91
The scam address added to the victim’s wallet: 0xd9A1C3788D81257612E2581A6ea0aDa244853a91
It’s likely that the victim mistakenly selected the address from their address book, relying only on the first and last few familiar characters for reference. Unfortunately, the address book had been compromised, containing a fake, poisoned address that led to the loss of funds.
Seven Practical Ways to Protect Yourself from Crypto Scams
Staying informed about the latest crypto scams and practicing good trading hygiene are essential to safeguarding your assets. When it comes to crypto address poisoning, following these steps will help ensure your assets remain secure and protected from this deceptive scam.
1. Slow Down & Pay Attention
Never rush through a trade. Every trade needs to be closely reviewed and all transaction addresses (and amounts) double checked for accuracy.
2. Never Copy an Address from Your Transaction History
Avoid using your transaction history to copy wallet addresses. Scammers can manipulate it through address poisoning, leading to accidental transfers to fraudulent addresses.
3. Use Blockchain Domains for Your Address
Consider using blockchain domains (e.g., ENS for Ethereum or Unstoppable Domains) for your wallet address. These domains allow you to link a human-readable name (e.g., yourname.eth) to your wallet, reducing the chances of errors or confusion when sending funds. By relying on a verified domain, you bypass the need to manage long and complex wallet addresses.
4. Double-Check Every Address
Always verify the full wallet address before initiating a transaction. Every number. Not just the last few digits. Even small variations in characters can indicate a scam.
5. Be Cautious of Small, Unsolicited Transactions
Unexplained deposits in your wallet, especially in tiny amounts, could be an indication of an address poisoning attempt. Treat them as a red flag.
6. Enable Whitelisting Features
Platforms that offer whitelisting features allow you to restrict transactions to pre-approved addresses. Utilize this feature whenever possible for additional security.
7. Stay Informed About Scams
The crypto space evolves quickly, and so do the tactics of scammers. Regularly update your knowledge and share insights with others to help create a more secure community.
By implementing these measures, including using blockchain domains, you can significantly reduce your risk of falling victim to address poisoning and other scams. Always prioritize security and double-check every detail before making a transacti.
Strengthening Protection Against Address Poisoning
Brandsec supports organisations in tackling threats like address poisoning by combining monitoring, detection, and enforcement. Our Unphish platform identifies suspicious domains, websites, and social media profiles that mimic trusted brands, while our enforcement team works to remove malicious content quickly. This approach gives businesses early visibility into scams and helps reduce the risk of customers being misled by fraudulent activity.
About brandsec
brandsec is a team of highly experienced domain name management and online brand protection experts. We provide corporate domain name management and brand enforcement services, helping brands eliminate phishing platforms across the internet. Supporting some of the largest brands in the region, we offer innovative solutions to combat threats across multiple industries.
