What is Address Poisoning

Address poisoning is a social engineering attack targeting crypto users who copy wallet addresses from their transaction history. Attackers send zero-value (or tiny-value) transactions from a wallet address that visually resembles a legitimate address in the victim's history — hoping that the victim will accidentally copy and paste the attacker's address the next time they intend to send to the legitimate address. HOW THE ATTACK WORKS Step 1: The attacker monitors blockchain mempool transactions in real-time. Step 2: When they detect you sending ETH to, say, your own other wallet (0xABCD...1234), the attacker notes the recipient address. Step 3: The attacker creates a wallet whose address starts and ends with the same characters: 0xABCD...1234 (legitimate). 0xABCD...F234 (attacker's wallet — different middle characters). Step 4: The attacker sends a $0 transaction from their fake wallet to your wallet — placing it in your transaction history. Step 5: Next time you need to send funds to that address, you scroll through transaction history, see the similar-looking address, copy it — and send to the attacker. Addresses are 42 characters long but most wallets display only the first 6 and last 4 characters. The middle 30 characters are hidden — making the fake address visually indistinguishable. REAL-WORLD LOSSES Address poisoning has caused significant losses: A trader lost $68M by sending WBTC to a poisoned address in 2024 — one of the largest individual address poisoning losses. Dozens of Ethereum and Solana users have reported losses ranging from $1,000 to $1M+. PROTECTION STRATEGIES Never copy addresses from transaction history. Always copy addresses from trusted sources (exchange interface, official project website, previously verified contacts). Use ENS or other name services (.eth) rather than hex addresses when available. Always verify the full 42-character address before confirming any significant transaction — expand the address display in your wallet. Double-check by sending a $1 test transaction before any large transfer. Use hardware wallets (Ledger, Trezor) that display the full address on the device screen before signing.

Terms in addition to the Address Poisoning

Blockchain

A blockchain is a subset of a distributed database. The Bitcoin inventors originally prototyped the system in 2008. This modern database is made up of separate blocks that are connected together in a chronological chain. Blockchains may be used to store a wide range of data types. It has mostly been utilized as a public ledger for bitcoin transactions to date. A peer-to-peer network comprised of independent nodes uses a consensus process to ensure the blockchain's security and legitimacy. Each node in the network keeps a public and immutable copy of the data.

2 Factor Authentication (2FA)

2 Factor Authentication is a security measure with two layers. It is used by the majority of cryptocurrency exchanges. To log in, you must provide not only a password, but also a code obtained, for example, from the Google authenticator.

Airdrop

An airdrop is a method of distributing coins. End users can typically obtain coins for free or in exchange for doing a small task, such as subscribing to a newsletter, sending a tweet, or inviting others via a personal affiliate link. Cryptocurrency airdrops — the act of depositing cryptocurrency into public crypto wallets — are utilized as a marketing, liquidity creation, and network bootstrapping technique for many different types of blockchain initiatives.

Altcoin

Altcoin - "alternative coin" - is any kind of digital currency other than Bitcoin. Since the launch of Bitcoin, the world's first digital currency, many altcoins (as well as supporting blockchains) have been created. Altcoin digital currencies share many similarities to Bitcoin, but consistently and have significant differences. There are about 20,000 altcoins, and this number is expected to grow significantly in the coming years. Altcoins often develop Bitcoin features. Ethereum, currently the most widely used blockchain, supports digital contracts and separate applications where Bitcoin does not. Altcoins are also often created to cater to the needs of different users. The Litecoin blockchain, for example, can process payments quarterly for the duration of Bitcoin.

Cold Storage

Cold storage is the way to store cryptocurrency offline. The word refers to the use of offline wallets that are not connected to the internet. Cold storage is the most secure way to keep cryptocurrencies since an offline currency becomes less likely to be hacked and stolen. Paper wallets, printed renditions of private keys, and offline hardware and software wallets are all examples of cold storage.