Address poisoning recently cost 2 victims over $62M alone: Scam Sniffer

The cryptocurrency ecosystem is facing a critical and escalating threat known as address poisoning, a deceptive scam that exploits user reliance on truncated address verification. Security firm Scam Sniffer recently issued a severe warning after two separate victims were collectively defrauded of over $62 million in a single attack campaign.

Address poisoning, often referred to as ‘0x00… poisoning,’ is a method where a scammer generates a wallet address that intentionally mirrors the beginning and ending characters of a legitimate recipient’s address. The attacker then sends a negligible ‘dust’ transaction (often zero value) from this malicious, lookalike address to the victim’s wallet. This action ensures that the malicious address is recorded in the victim’s recent transaction history and transfer list.

When the victim prepares to send a large sum, they often reference their recent transaction history to quickly copy the recipient’s address, mistaking the scammer’s recent, lookalike address for the legitimate one. Because the victim typically verifies only the first four and last four characters—which are identical—they authorize the transfer, sending millions directly to the attacker.

Scam Sniffer’s alert highlighted that the recent $62 million loss, involving transactions of approximately $36 million and $26 million respectively, demonstrates the high stakes and precision used in these on-chain social engineering attacks. This incident underscores that checking the full address, character by character, is no longer optional but a critical security necessity. To mitigate this risk, users are strongly advised to utilize security scanners before approving transactions, employ hardware wallets, and leverage services like ENS (Ethereum Name Service) which rely on readable names rather than complex hexadecimal strings.

Source: Address poisoning recently cost 2 victims over $62M alone: Scam Sniffer