An Ethereum user experienced a significant loss of nearly $700,000 in USDT stablecoin due to an address poisoning scam that occurred on Sunday. Security experts caution that this emerging type of scam can easily ensnare individuals who do not meticulously verify the addresses to which they are sending cryptocurrency.
What is Address Poisoning?
Address poisoning scams exploit the tendency of users to trust familiar addresses. In this scheme, attackers create a wallet address that closely resembles one that the victim has recently engaged with. The scammer sends a minimal amount of tokens to the victim’s wallet, intending to confuse the victim into believing that the scammer’s lookalike address is the legitimate one. “For example, if your deposit address is 0x11223344556677889900, it may display in your wallet as 0x1122…9900,” explained 0xToolman, an anonymous blockchain investigator at Bubblemaps. “The scammer can then generate an address like 0x1122aaaaaaaaaaaaaa9900. While different, it can still appear as 0x1122…9900 in your wallet or on Etherscan, misleading you into thinking it’s the correct address when it actually belongs to the scammer.”
On the day of the incident, the attacker sent a transaction of 0 USDT from an address that closely resembled a legitimate Binance wallet, which the victim had just used for a test transaction of 10 USDT seconds earlier. “The victim probably copied what seemed to be a legitimate address from their transaction history, trusting it because they had just executed a successful test transfer moments before,” stated a representative from security firm PeckShield.
Scammers utilize specialized software to generate vast numbers of wallet addresses that mirror frequently used deposit addresses, such as those from Binance, according to PeckShield. “It’s an automated process. They employ a spray-and-pray approach, launching thousands of fraudulent transactions,” noted Hakan Unal, Senior Blockchain Scientist at Cyvers. “Even if only 0.1% of recipients fall for the scam, targeting a single high-value wallet can yield substantial rewards with minimal effort.” This automated tactic ultimately led to the victim transferring 699,990 USDT to the scammer. After receiving the funds, the scammer quickly swapped the USDT for DAI, making it difficult for Tether to freeze the assets. Unlike USDT, DAI is a decentralized stablecoin that cannot freeze funds linked to illicit activities. The scammer has since laundered the funds through multiple wallets to obfuscate their tracks.
Address Poisoning on the Rise
According to Cyvers, address poisoning scams are increasingly prevalent. Last year, one crypto trader suffered a staggering loss of over $70 million in what is believed to be the largest known case of this type. More recently, a victim fell prey to a similar scam on Friday, losing $467,000 in DAI. “🚨ALERT🚨 Our system has detected an address poisoning attack resulting in a $467K $DAI loss. The victim unknowingly sent funds to the scammer’s address,” announced Cyvers Alerts on social media.
Fortunately, these scams can be avoided by exercising caution during fund transfers. “We advise users to consistently perform double or triple checks of full wallet addresses before proceeding with any transactions,” the PeckShield representative urged. “Never trust truncated addresses (e.g., 0x123…abc)—always ensure full address visibility. Validate each character when copying deposit addresses.”
Additionally, users should cross-reference all transactions on blockchain explorers like Etherscan for further reassurance and avoid copying addresses from transaction history or unverified messages.
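The check the experts describe can be automated on the wallet side. The following is an added example, not code from PeckShield, Cyvers or Bubblemaps: it flags history entries whose counterparty displays the same as a trusted address once truncated but differs in full, and it approves a destination only on a full-length match. The function names, the record layout and the sample history are assumptions made for illustration.

```python
"""Flag likely address-poisoning entries in a wallet's transfer history."""

# Constructed sample data. The addresses are the shortened illustrative ones
# from the article, not real 40-hex-digit Ethereum addresses.
TRUSTED = ["0x11223344556677889900"]
HISTORY = [
    {"counterparty": "0x11223344556677889900", "amount": 10},   # test transfer
    {"counterparty": "0x1122aaaaaaaaaaaaaa9900", "amount": 0},  # poisoning dust
    {"counterparty": "0x99887766554433221100", "amount": 25},   # unrelated peer
]


def truncate(addr, head=4, tail=4):
    """Shorten an address the way wallets display it, e.g. 0x1122…9900."""
    body = addr.lower()
    if body.startswith("0x"):
        body = body[2:]
    return f"0x{body[:head]}…{body[-tail:]}"


def find_poisoned(history, trusted, head=4, tail=4):
    """Return (entry, impersonated_address) pairs for suspicious entries.

    An entry is suspicious when its counterparty is not a trusted address
    but is indistinguishable from one in the truncated display.
    """
    by_display = {truncate(a, head, tail): a.lower() for a in trusted}
    hits = []
    for entry in history:
        peer = entry["counterparty"].lower()
        impersonated = by_display.get(truncate(peer, head, tail))
        if impersonated is not None and peer != impersonated:
            hits.append((entry, impersonated))
    return hits


def safe_to_send(dest, trusted):
    """Approve a destination only if every character matches a trusted one."""
    return dest.lower() in {a.lower() for a in trusted}


if __name__ == "__main__":
    for entry, real in find_poisoned(HISTORY, TRUSTED):
        print(f"lookalike {entry['counterparty']} imitates {real} "
              f"(amount {entry['amount']}); both display as {truncate(real)}")
```

Comparing the full string against an address book kept outside the transaction history is what defeats the lookalike; the truncated form is used only to find which trusted address is being imitated.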
