Address Poisoning Scam

In our previous exploration of dusting attacks, we uncovered how tiny amounts of crypto can be used to trace wallets. Today, we’re spotlighting a more devious tactic: address poisoning.

Unlike phishing emails or malware, this scam doesn’t rely on breaching your device—it relies on you. More precisely, it targets your habits, your inattention, and the visual shortcuts we all take when working with complex wallet addresses. Let’s unveil one more crypto scam.

What Is Address Poisoning?

Address poisoning is a social engineering scam where bad actors send small amounts of cryptocurrency—or sometimes NFTs—to a target wallet using a spoofed address that visually resembles a legitimate one. These fake addresses are engineered to appear in your transaction history, luring you into copying and reusing them in future transfers.

Key Insight: The scam doesn’t break into your wallet or steal your private keys. It simply waits for you to make a mistake.

The Purpose: Trick, Don’t Hack

This isn’t about exploiting a bug in your wallet or stealing credentials. Instead, the scam aims to:

  • Appear as a familiar wallet address in your transaction history.
  • Exploit your habit of copying and pasting previous addresses.
  • Divert future funds to the attacker’s wallet when you reuse what looks like a trusted address.

Because most wallets display addresses based on your most recent interactions, the scammer inserts their fake address right where you’re most likely to see it—next to real ones you’ve actually used.

Psychological Manipulation at Its Core

Crypto wallet addresses are often long, complex hexadecimal strings like:

0xF3A98D3aA79b2D5Eb68f35E45290D9E1e09a1E92D

They’re not human-friendly—and scammers know it.

To exploit this, attackers create “vanity addresses” that mimic both the beginning and the end of an address you recognize, changing just a few characters buried in the middle. This works disturbingly well because most people don’t examine the whole string—they skim.

Imagine you’re texting a friend and need to call your mom. Instead of searching her contact, you go to your recent calls list and click the number at the top that looks like hers—same area code, same last four digits.

But it’s not her.
It’s a scammer who left a missed call on purpose, hoping you’d react on autopilot.

That’s exactly how address poisoning works.
The number wasn’t hacked. Your attention was.

It’s not a software attack. It’s a psychological one.

If you are unsure about the legitimacy of a transaction, it is best to contact our Support team, who will help resolve your issue.

Types of Address Poisoning Attacks

Source: Chain Analysis

Address poisoning isn’t a one-size-fits-all scam. As highlighted in recent case studies and security reports, attackers have developed variations of this tactic that exploit different behaviors and wallet environments. Here are the most common types:

1. Vanity Address Mimicry (Classic Poisoning)

Attackers create a fake wallet address that visually matches the beginning and end of a legitimate address. They then send a small transaction (dust or zero value) so it appears in the target’s transaction history.
If the victim later copies that address without verifying it, their funds go directly to the scammer.

Used on: Ethereum, BNB Chain, Solana
Risk factor: High if you reuse past addresses

2. Zero-Transfer Address Spoofing

Instead of sending funds, the attacker sends zero-value transfers from spoofed addresses that resemble trusted senders.
These appear in explorers and some wallet interfaces, tricking the user into thinking the sender is familiar.
Copying from these entries leads to funds being sent to a scammer-controlled address.

Used on: Ethereum, Solana, Tron
Note: Not technically address poisoning, but often lumped together due to similar execution

3. NFT Airdrop Poisoning

Scammers airdrop NFTs from spoofed addresses or suspicious collections that look like legitimate ones.
These NFTs show up in your wallet activity or collectibles tab and may tempt you to interact with them or trust the sender’s address.

Goal: Social engineering or bait to lead you to malicious contracts or phishing sites

4. Multichain Address Copy-Poisoning

Some wallet users reuse the same address across multiple blockchains (e.g., MetaMask with Ethereum, BNB Chain, Polygon).
Attackers exploit this by poisoning an address on one chain (e.g., Polygon) hoping the user will copy it and mistakenly use it on another, like Ethereum — where higher-value transfers occur.

This variation exploits cross-chain wallet behavior.

How the Address Poisoning Scam Works: Step-by-Step Breakdown

Source: CoinTelegraph

To understand the threat fully, it’s important to see how the scam actually unfolds from start to finish. 

While it may seem passive on the surface, address poisoning is a calculated and automated scheme that uses publicly available data to insert fake addresses into your routine, waiting for just one moment of inattention. 

Here’s how it happens:

  1. Surveillance
    Scammers monitor blockchain activity (which is publicly visible) to identify active wallets with recent transactions.
  2. Fake Address Generation
    Using software tools, they generate fake wallet addresses that mimic the first and last digits of addresses you’ve interacted with. The subtle differences are buried in the middle.
  3. Poisoning the History
    They send:
    • Zero-value transactions (common on Ethereum or Solana), or
    • Dust transactions (very small amounts like 0.000001 ETH)
      to your wallet, ensuring their fake address shows up in your transaction list.
  4. Waiting for the Mistake
    The next time you need to send funds—perhaps to yourself on another exchange, a cold wallet, or a friend—you check your past activity. You copy the most recent address. But it’s not yours. It’s theirs.
  5. The Outcome
    Your crypto is sent to the scammer’s wallet. The funds are gone. And because transactions are irreversible, there’s no getting them back.

Why Address Poisoning Scams Work So Well

Address poisoning isn’t a brute-force attack or a high-tech exploit. It works because it blends seamlessly into normal user behavior. It preys on trust, repetition, and visual shortcuts. 

The success of this scam isn’t about breaking in — it’s about being overlooked.

  • Blockchain Transparency: Transaction histories are visible and accessible.
  • User Behavior: Copying from history is a common shortcut.
  • Visual Illusion: Matching the first and last characters masks the difference.
  • No Intrusion Detected: There’s no malware, no phishing—just a clever trick.
  • Some Wallets Don’t Flag It: Many interfaces show all transactions by default, making the scammer’s transaction blend in.

Real-World Cases of Address Poisoning Scams

Address poisoning has already caused multi-million dollar losses, even among experienced traders. Below are some of the most well-documented and revealing cases:

1. Trader Falls for the Same Scam Twice — Loses $2.6 Million

In May 2025, a crypto trader lost a total of $2.6 million in USDT after falling for the same address poisoning scam twice in three hours.

The attacker sent zero-value transactions from a vanity address that closely mimicked one the trader had used before. The trader copied the poisoned address from their transaction history and sent $843,000.

Just a few hours later, unaware of the mistake, they copied the same address again and transferred another $1.75 million — straight to the scammer.

2. $68 Million in Wrapped Bitcoin Lost to Spoofed Address

In a separate incident, a user transferred $68 million in WBTC (Wrapped Bitcoin) to an address that was just one character off from the intended recipient.

Investigators determined the attacker had created a lookalike vanity address, matching the first and last characters of the real one — a subtle manipulation that proved incredibly costly.

3. NFT Airdrop Poisoning as a Social Engineering Trap

Another variation involves scammers sending NFTs from addresses that mimic legitimate projects or creators. These NFTs show up in the user’s wallet, giving the false impression that the sender is trusted.

The goal is to trick users into interacting with malicious smart contracts or clicking on phishing links, leading to wallet drain attacks or further scams.

How to Protect Yourself

The good news? Address poisoning is entirely preventable. Unlike other scams that rely on technical vulnerabilities or malware, this one depends on your actions, and that means you have full control. 

By adjusting a few simple habits and using the right tools, you can shut down this scam’s entire strategy. Here’s how to keep your crypto safe:

1. Avoid Copying from Transaction History

This is the single most important step. If you copy and paste from old transactions, you’re walking into the scammer’s trap.

2. Verify the Full Address

Don’t just check the first and last few characters. Use wallet tools that show the full string and confirm each one carefully.

3. Use Hardware Wallets

Devices like Ledger, Trezor, or KleverSafe require you to physically confirm the receiving address on the device before sending. This protects you from spoofed UI or fake history entries.

4. Blur Suspicious Transactions

Some wallets blur zero-value transactions to prevent accidental copying. Make sure this feature is enabled—or switch to wallets that support it.

5. Whitelist Trusted Addresses

If your wallet or dApp supports it, pre-approve and lock in addresses you send to frequently.

6. Be Cautious with Test Transactions

Ironically, sending a test transaction is often when a scam address appears next in history. If you send a test transfer, don’t copy from its result—always return to the source.
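
Steps 2, 4 and 5 above can be enforced in software rather than by eye. The sketch below is an added example, not Klever's code or any wallet's actual implementation: it flags history entries that should be blurred and only lets a send through on an exact full-string match against an allowlist. The names (Transfer, imitates, scan_history, check_recipient), the 4-character edge window and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

EDGE = 4            # assumption: characters a truncated wallet view shows per end
DUST_WEI = 10**12   # 0.000001 ETH, the dust size mentioned in the article

@dataclass
class Transfer:
    counterparty: str   # the other address shown in the history entry
    value_wei: int

def norm(addr: str) -> str:
    """Lower-case and drop the 0x prefix so comparison covers the full string."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def imitates(addr: str, trusted: dict):
    """Return the label of the trusted address that addr imitates, else None."""
    a = norm(addr)
    for label, real in trusted.items():
        r = norm(real)
        if a != r and len(a) == len(r) and a[:EDGE] == r[:EDGE] and a[-EDGE:] == r[-EDGE:]:
            return label
    return None

def scan_history(history, trusted):
    """Return (index, reasons) for entries a wallet should hide or blur."""
    known = {norm(v) for v in trusted.values()}
    flagged = []
    for i, tx in enumerate(history):
        reasons = []
        label = imitates(tx.counterparty, trusted)
        if label:
            reasons.append("lookalike of " + label)
        if tx.value_wei <= DUST_WEI and norm(tx.counterparty) not in known:
            reasons.append("zero-value or dust from unknown address")
        if reasons:
            flagged.append((i, reasons))
    return flagged

def check_recipient(addr: str, trusted: dict) -> str:
    """Send-time gate: exact full-string match against the allowlist only."""
    if norm(addr) in {norm(v) for v in trusted.values()}:
        return "ok"
    return "blocked: lookalike" if imitates(addr, trusted) else "blocked: not allowlisted"

# Constructed sample data (not real addresses).
TRUSTED = {"cold-wallet": "0xA1b2" + "11" * 16 + "C3d4"}
FAKE = "0xa1B2" + "22" * 16 + "c3D4"   # same first and last 4 characters, different middle
HISTORY = [Transfer(TRUSTED["cold-wallet"], 5 * 10**17), Transfer(FAKE, 0),
           Transfer("0x" + "9f" * 20, 10**12)]
```

The recipient check never consults transaction history; the allowlist is the only source of addresses, which is the habit the steps above describe.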

Scams That Rely on You, Not Code

  • Address poisoning doesn’t breach your wallet — it exploits your trust and habits.
  • It’s a low-cost, high-reward scam that’s easy to automate across thousands of wallets.
  • Your best defense is vigilance, not antivirus software.
  • If you take just one action, let it be this: Never copy an address from your transaction history.

Crypto Security Is About Behavior, Not Just Technology

Blockchain technology is secure by design, but human behavior remains its greatest vulnerability. Scammers no longer need to break the system; they just need to bet on you being in a rush, distracted, or careless.

Let’s not give them that chance.

Stay vigilant, Be Klever