Crypto Address Poisoning Scams Surge, Victims Lose $1.6 Million in a Single Week

Crypto address poisoning scams are on the rise, with more than $1.6 million stolen from unsuspecting users in just the past week exceeding the total reported lost in all of March 2025. This increasingly common form of blockchain-based fraud relies on contaminating a user’s wallet transaction history, causing costly copy-paste errors that result in major losses.

What Is Address Poisoning? How Scammers Trick Crypto Users

Address poisoning is an attack where scammers send small, seemingly innocuous transactions from wallet addresses that closely mimic those used by their intended victims. By creating lookalike addresses just one or two characters apart from a legitimate recipient, cybercriminals seed contaminated entries into the victim’s transaction history.

When the user later copies a wallet address for a new transfer often by habit, using their own wallet’s history they can unintentionally select the scammer’s fake address. As a result, funds meant for a trusted party are sent directly to the attacker.

“His history is full of poison address attacks, so it was only a matter of time before the trap worked,” noted crypto scam prevention tool ScamSniffer, after a major incident where 140 ETH (roughly $636,000) was lost in one transaction.

Major Thefts and Loss Totals This Week

• Friday: One user lost 140 ETH, worth about $636,500, in a single transaction due to address poisoning.
• Sunday: Another victim lost $880,000 using the same scam methodology.
• Additional incidents saw at least two other individuals lose $80,000 and $62,000, respectively, to these attacks.
• In total, more than $1.6 million has been lost this week outpacing March’s reported $1.2 million in address poisoning crypto thefts.

Address Poisoning Explained: The “Fake History” Trap

Web3 Antivirus, a blockchain cybersecurity firm, details the method:

“Poisoners send small transfers from addresses that mimic a real one, so copying from history becomes a trap.”

When viewing their wallet transaction history, users often see both legitimate and fake addresses potentially indistinguishable at a glance. The attack preys on user habits, exploiting shortcuts in daily crypto management and leading to severe losses.

Phishing and Malicious Signature Scams Add to Weekly Losses

Address poisoning wasn’t the only crypto scam making headlines this week. According to ScamSniffer, at least $600,000 was stolen from victims who fell prey to malicious phishing signatures including “approve,” “increaseAllowance,” and “permit” transactions that give scammers direct control over user assets.

• Tuesday: A user lost $165,000 in BLOCK and DOLO tokens after signing a malicious contract.

These phishing scams are often bundled together with address poisoning assaults, forming a double-threat for crypto holders who are not vigilant about their transaction security.

How To Protect Yourself: Crypto Security Tips

• Never copy an address from your transaction history without checking every character.
• Always use an address book or whitelist known addresses to minimize human error.
• Verify the full address not just the first or last few characters before transferring funds.
• Beware of unexpected small deposits from unknown accounts; check all new “contacts” thoroughly.
• Stay updated with security alerts from platforms like ScamSniffer and Web3 Antivirus.

Why Address Poisoning Attacks Are Growing

The simplicity of this scam, combined with its effectiveness, makes it attractive for cybercriminals. As more users manage digital assets and rely on copy-pasting addresses, attackers are scaling up poisoning campaigns resulting in higher losses each month. Immediate action, greater user education, and new wallet features designed to flag lookalike addresses are needed to stem the tide.

Protecting your funds begins with vigilance don’t let a simple history copy turn into a six-figure mistake. Always double-check before you send, and consider tools that help you detect and avoid address poisoning scams.