Address Poisoning Scam Drains $12.25 Million in ETH from Single Victim

A chilling new scam tactic just claimed its biggest victim yet—a single crypto holder out $12.25 million in Ethereum.
The Bait-and-Switch You Won't See Coming
Forget fake websites or hacked smart contracts. This method, dubbed 'address poisoning,' preys on muscle memory and haste. Scammers generate a wallet address that mirrors the first and last few characters of a target's legitimate, frequently used address. They then send a tiny, worthless transaction to the victim, planting the fraudulent address in their transaction history.
The Cost of a Single Click
When the victim goes to send funds later, they glance at their history, see the familiar-looking address, and copy it—sending their fortune directly to the scammer's wallet. It's a digital sleight of hand that bypasses nearly all security checks, turning routine transactions into catastrophic losses.
A $12.25 Million Wake-Up Call
The sheer scale of this single loss—$12.25 million—signals a dangerous escalation. It proves that even sophisticated, high-net-worth players are vulnerable to psychological tricks, not just technical exploits. The industry's relentless focus on moon-shot gains often overlooks the mundane vulnerabilities in its own plumbing.
So much for 'be your own bank'—sometimes the biggest threat isn't the system, but the person in the mirror hastily clicking 'confirm.' A cynical reminder that in crypto, the most advanced financial technology in the world still can't fix human error. The next bull run will mint new millionaires, and a fresh crop of scammers is already sharpening their tools.
How do scammers use ‘address poisoning’ to steal millions?
Overall, crypto theft has surged to record levels, including a nearly $50 million loss in December 2025, and over 1 million poisoning attempts are detected every day on the Ethereum network.
The victim, using the address 0xd6741220a947941bF290799811FcDCeA8AE4A7Da, intended to send funds to a legitimate contact. However, they unknowingly copied a “poisoned” address from their transfer history.
The scammer’s address (0x6d9052b2DF589De00324127fe2707eb34e592e48) was specifically designed to look like the correct one (0x6D90CC8Ce83B6D0ACf634ED45d4bCc37eDdD2E48).
Address poisoning attacks take advantage of human error and of the way crypto wallets shorten addresses for easier viewing. For example, an address might be shown as 0x6D90…2E48. Scammers use powerful software to generate millions of “vanity” addresses until they find one that matches those first and last few characters.
Once they have a matching address, they send a tiny amount of crypto or even a transaction with zero value to a user’s wallet, which puts the scammer’s address into their recent history. The next time the user attempts to copy that address from their history, they could very easily mistake the scammer’s address for the correct one.
Once sent, the money is gone forever because blockchain transactions cannot be reversed.
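A pre-send check that catches this pattern, as an added example that is not part of the original article: it compares a recipient against saved contacts over all 40 hex characters and flags any address that only matches at the ends a wallet displays. The function names, the `contact` label and the history rows are assumptions constructed for illustration; the two addresses are the ones quoted above.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def normalize(addr):
    """Return the 40 hex chars of an address, lower-cased for comparison."""
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def shared_ends(a, b):
    """Count matching leading and trailing hex characters of two addresses."""
    a, b = normalize(a), normalize(b)
    prefix = next((i for i in range(40) if a[i] != b[i]), 40)
    suffix = next((i for i in range(40) if a[-1 - i] != b[-1 - i]), 40)
    return prefix, suffix

def classify_recipient(candidate, address_book, min_ends=4):
    """Return ("trusted"|"lookalike"|"unknown", label) for a recipient.

    "lookalike" means the address differs from a saved contact but would
    render identically once truncated to min_ends characters per side.
    """
    matches = {label: shared_ends(candidate, addr)
               for label, addr in address_book.items()}
    for label, (prefix, _) in matches.items():
        if prefix == 40:                      # exact match on all 40 chars
            return "trusted", label
    for label, (prefix, suffix) in matches.items():
        if prefix >= min_ends and suffix >= min_ends:
            return "lookalike", label
    return "unknown", None

def flag_poisoned_history(history, address_book, min_ends=4):
    """Return history rows whose counterparty imitates a saved contact."""
    return [tx for tx in history
            if classify_recipient(tx["counterparty"], address_book,
                                  min_ends)[0] == "lookalike"]

# The two addresses are the ones quoted in the article; the label, the
# values and the history rows themselves are constructed for this example.
ADDRESS_BOOK = {"contact": "0x6D90CC8Ce83B6D0ACf634ED45d4bCc37eDdD2E48"}
HISTORY = [
    {"counterparty": "0x6D90CC8Ce83B6D0ACf634ED45d4bCc37eDdD2E48", "value": 50},
    {"counterparty": "0x6d9052b2DF589De00324127fe2707eb34e592e48", "value": 0},
]

if __name__ == "__main__":
    for tx in flag_poisoned_history(HISTORY, ADDRESS_BOOK):
        print("lookalike of a saved contact:", tx["counterparty"])
```

The comparison is case-insensitive, so it does not depend on the mixed-case checksum form of either address.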
Security experts from companies like Cyvers and Immunefi report that these attacks are now happening at an industrial scale.
In January 2026, Ethereum transactions hit an all-time high of over 2.8 million per day, and analysts from Citi believe a large portion of this activity is caused by scammers sending millions of these “poison” transactions to catch a few unlucky victims.
Other major crypto thefts have happened recently
Another trader lost nearly $50 million (49,999,950 USDT) in a similar poisoning attack back in December 2025. In that case, the victim even sent a “test transaction” of 50 USDT to be safe. However, the scammer’s automated script immediately saw the test and “poisoned” the history before the victim could send the remaining $50 million. The attacker quickly converted the stolen funds into DAI and then ETH to prevent the money from being frozen.
On January 21, 2026, the Saga EVM blockchain had to be paused after a hack drained $7 million. Earlier in January, the Truebit protocol lost $26.6 million in ETH when an attacker exploited an older security hole in its system, sending the token’s price crashing by nearly 100%.
Even larger organizations have been targeted: the French crypto tax platform Waltio received a ransom demand from the ShinyHunters hacker group, which claimed to have stolen data from 50,000 users.
In 2025 alone, over $17 billion was stolen through various scams. Chainalysis reports that “impersonation scams,” which include address poisoning, grew by a staggering 1,400% compared to the year before.