Address Poisoning Scam Strikes: 2 Crypto Investors Lose Over $60M in Sophisticated Heist

Crypto's dark underbelly just claimed another $60 million victim—or rather, two of them. A sophisticated 'address poisoning' attack has siphoned funds from wallets that likely felt secure just moments before the balance hit zero.

How the Poison Drips

Forget brute force. This scam relies on precision and psychology. Attackers generate a wallet address visually almost identical to a target's legitimate one—changing a character or two a human eye would gloss over. They then send a tiny, meaningless transaction from this poisoned address to the target, planting it in the transaction history. Later, when the victim goes to send a large sum, they might copy the wrong address from their own history, sending millions directly into the scammer's lap.

The $60 Million Reality Check

Two separate transactions. Two life-altering losses. The numbers don't lie—this isn't a theoretical threat. While the exact split between the victims isn't specified, the total haul screams 'professional operation.' It's a stark reminder that in crypto, your transaction history can be your own worst enemy if you're not paranoid about every character.

Security Isn't a Feature, It's a Discipline

This cuts through the illusion that holding assets in a self-custody wallet is inherently safe. The chain doesn't care if you meant to send it to the right place—it only executes. The fix isn't a new protocol; it's a behavioral one: triple-check every address, use address book functions, and verify the first and last several characters every single time. Bookmarking trusted addresses helps, but vigilance is the only real firewall.

In the end, this heist is less about a flaw in the code and more about a flaw in human pattern recognition—a vulnerability that, in traditional finance, would have layers of manual verification and recall options. But here? It's just you, your fat fingers, and a permanent, immutable mistake. Consider it a brutally expensive lesson in attention to detail, funded by the 'efficiency' of cutting out the middleman.

How Copying Mistakes Turn Costly

Address lookalikes are the trick. Attackers send tiny “dust” transfers from addresses that mimic ones in a user’s history so that when someone copies an address they get the wrong string.

According to Scam Sniffer, that single mistake cost one user $12.2 million in January and followed a $50 million hit in December.

The tactic relies on people trusting what appears familiar; it works because most wallets show only the first and last few characters, and the middle can be swapped for a malicious match.

Someone lost $12.25M in January by copying the wrong address from their transaction history. In December, another victim lost $50M the same way.

Two victims. $62M gone.

Signature phishing also surged — $6.27M stolen across 4,741 victims (+207% vs Dec).

Top cases: · $3.02M —… pic.twitter.com/7D5ynInRrb

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) February 8, 2026

Signature Phishing Is Growing Too

Signature scams lure users into approving dangerous contract calls or broad token approvals. Reports say $6.27 million was stolen from 4,741 victims in January, a 207% rise from December.

Two wallets took the lion’s share — accounting for 65% of those signature phishing losses. Attackers increasingly mix both tricks: small deposits to get attention, followed by social engineering that convinces someone to sign a transaction.

This is not limited to a few isolated scams. Based on reports from several trackers, roughly 270 million poisoning attempts have been recorded across ethereum and Binance Smart Chain, targeting around 17 million addresses.

Confirmed cases leading to actual theft number about 6,633, but the confirmed loss figure already tops $83.8 million. One campaign alone created 82,030 lookalike wallets, and in September 2025 there were about 32,290 suspicious poisoning events hitting 6,516 unique victims.

The numbers show a picture of automated scripts and high-volume tactics designed to find and exploit simple human errors.

Analysts LINK part of the recent surge to the Fusaka upgrade, which lowered the cost of sending tiny transactions. Coin Metrics analyzed over 227 million stablecoin balance updates on Ethereum from November 2025 through January 2026 and found that 38% of those updates were under a single penny.

Stablecoin-related dust now makes up an estimated 11% of Ethereum transactions and touches 26% of active addresses on an average day. Lower fees make these spray-and-pray tactics cheap and efficient.

Blockchain intelligence teams have tracked flows and noticed patterns. Whitestream reports that DAI has become a favored place to park illicit proceeds because its protocol governance does not cooperate with authorities to freeze wallets.

Web3 Antivirus has cataloged a range of large poisonings, with tracked losses spanning from $4 million to $126 million in some incidents. Once funds MOVE through these paths they are often hard to recover.

Featured image from Arek Socha/Pixabay, chart from TradingView