Crypto User Loses $600K in Costly Address Poisoning Attack—Here’s How It Happened

Crypto's latest heist didn't need a vault—just a few keystrokes. A single user just got rinsed for $600,000 in a classic, yet brutally effective, address poisoning scam. The attack exploits human error, not blockchain flaws—and it's a stark reminder that your biggest vulnerability sits between the chair and the keyboard.

The Bait-and-Switch You Never See Coming

Address poisoning works by tricking your eyes, not hacking the network. Scammers generate a wallet address that mimics the first and last few characters of a legitimate address you've used before. They then send a tiny, worthless transaction to your wallet—just to get their spoofed address into your transaction history. Later, when you go to send funds, you might copy the wrong one from your history. A moment of autopilot costs you everything.

Why This $600K Loss Stings

This isn't a sophisticated smart contract exploit. It's social engineering at its most basic—and profitable. The scammer's overhead is negligible; the payoff is life-changing. It highlights a painful irony in crypto: we build systems for trustless transactions, yet the entire edifice crumbles if someone can't double-check a 42-character string. Some call it a tax on the inattentive; others call it the cost of doing business in the wild west.

Your Defense Is Manual

No protocol upgrade will save you here. The fix is tediously human: always verify the entire wallet address before sending. Use address book features, QR codes, or send a tiny test transaction first. This $600,000 lesson is a masterclass in why complacency is crypto's original sin. In a world chasing fully automated finance, the most critical security check remains your own two eyes. After all, the 'self' in self-custody means you're also the customer support—and the fraud department.

$600k loss joins avalanche of address poisoning attacks in 2026

The $600,000 incident is one of many. Address poisoning attacks have escalated rapidly in frequency and scale, and this year alone has already produced several high-profile losses that paint an alarming picture of the threats the industry currently faces.

In December 2025, a crypto trader lost $50 million in USDT after copying a fake address from their history, the second-largest address poisoning loss ever recorded. Apparently, the victim had withdrawn the funds from Binance, sent a $50 test transaction to the correct address, and then minutes later, copied the poisoned address for a full $50 million transfer. 

The attacker then converted the stolen USDT to DAI tokens and then approximately 16,690 ETH within 30 minutes, channeling most of it through Tornado Cash to hide their trail. The victim offered a $1 million bounty for recovery of 98% of the funds, and threatened criminal charges if the terms were not met.

January 2026 was no different. On January 16, a victim lost $514,000 in USDT after sending a $5,000 test transaction to a poisoned address ending in “f3e6F”, which was a NEAR identical match to their intended recipient ending in “D3E6F”, before following it up with the full transfer minutes later. 

Two weeks later, another victim lost $12.25 million after sending 4,556 ETH to an attacker-controlled address copied from a contaminated transaction history. ScamSniffer, who flagged this incident, observed that the two addresses were basically identical in the visible characters, with the only difference lost in the hidden middle sections that most wallets abbreviate.

This month’s victim has now joined a pattern of losses that has cost users millions of dollars in less than 3 months, primarily due to more cunning attacks and a user base that still relies on abbreviated address displays and copy-paste habits for routine transactions.

Over one million poisoning attempts on Ethereum daily

According to reports by Cyvers specialists, over one million poisoning attempts are made every single day on the ethereum network alone. 

Another study discovered at least seven distinct attack groups actively running address poisoning campaigns on Ethereum, with some groups reusing their fake addresses on both Ethereum and the Binance Smart Chain at the same time. 

The study confirmed that attackers prefer to target high-value wallets with frequent transaction histories, and that they usually run statistical analyses of USDT and USDC balances to figure out the most profitable potential victims before deploying their fake transactions.

“More users and institutions are leveraging automated tools for crypto transactions, some of which may not have built-in verification mechanisms to detect poisoned addresses” Cyvers’ CEO stated. He added that “the growing sophistication of attackers and the lack of pre-transaction security measures” are the primary drivers of the increase.

Industry stakeholders have also started voicing their opinions. Some have publicly called on wallet developers to block poisoned addresses by default following the $50 million loss in December. 

As Cryptopolitan reported on December 24, 2025, CZ proposed a blueprint to protect cryptocurrency users from fraudulent transactions.

“Our industry should be able to completely eradicate this type of poison attacks, and protect our users,” CZ wrote on Binance’s social platform. “All wallets should simply check if a receiving address is a ‘poison address’, and block the user.”

Other wallet providers are now exploring pre-execution risk assessments that simulate a transaction before it is signed, and show users exactly where their funds will go before asking them to confirm. 

Some researchers also advocated for whitelisting frequently used addresses directly in the wallet’s settings to eliminate reliance on transaction histories entirely.

The smartest crypto minds already read our newsletter. Want in? Join them.