Address Poisoning Scams via Cryptocurrency
Attackers send tiny crypto transactions to poison a victim's wallet history with a lookalike address, hoping the victim will copy it for a future transfer.
Part of: Address Poisoning Scams
Last reviewed: 8 June 2026
Address poisoning exploits a behavioral shortcut that many crypto users take: copying a recent transaction address from their wallet history instead of re-entering a known address from scratch. Attackers generate vanity addresses that closely mirror the first and last characters of an address you have legitimately transacted with, then send a dust transaction to lodge that fake address in your history.
Because most wallets display only the first and last few characters of an address, the poisoned entry is visually identical to the real one at a quick glance. The next time a victim sends funds, they may paste the attacker's address instead of the intended recipient, resulting in an irreversible loss.
How this scam works on cryptocurrency
The scam plays out silently and requires no interaction from the victim beyond a single copy-paste mistake. Attackers monitor mempool data for high-value transactions, then immediately dispatch a zero-value or near-zero-value transaction from a crafted address to the victim's wallet. The crafted address is engineered to match the legitimate address character-for-character at both ends.
Weeks or months later, when the victim wants to send funds to the same recipient, they scroll their transaction history, see the poisoned entry near the top, copy it without verifying the middle characters, and send the transfer. The funds arrive in the attacker's wallet, and no chargeback mechanism exists on the blockchain.
Common red flags
- Your transaction history contains a small incoming transaction you did not initiate
- An address in your history looks identical at first and last glance to a trusted address but differs in the middle
- You receive unsolicited dust transactions shortly after completing a large transfer
- Wallet history shows the same apparent recipient sending you micro-amounts repeatedly
- The incoming dust transaction carries no recognizable token or memo
How to protect yourself
- Always verify the complete address character-by-character before confirming any transfer, not just the first and last few characters
- Save frequently used addresses in your wallet's address book rather than copying from transaction history
- Enable ENS or equivalent name-service lookups so you can send to a human-readable name rather than a raw address
- Mark suspicious dust transactions as spam in your wallet application if that feature is available
- Use a hardware wallet that forces full-address display on the device screen before signing
How to report it
- Flag the malicious address on the relevant block explorer (e.g., Etherscan's phishing database)
- Report to the IC3 at ic3.gov if you suffered financial loss
- Notify your wallet provider's support team so they can flag the address for other users
- File a report with your national cybercrime authority
Frequently asked questions
What is a vanity address in the context of address poisoning?
A vanity address is a cryptocurrency wallet address that has been computationally generated to match specific characters, in this case the start and end of a target address, making it appear identical at a glance.
Can I recover funds sent to a poisoned address?
Generally no. Cryptocurrency transactions are irreversible once confirmed on the blockchain. Preserve all evidence and report to law enforcement immediately.
Which blockchains are most targeted by address poisoning?
The attack is technically possible on any UTXO or account-based blockchain, but networks with high transaction volumes and publicly visible history are most commonly targeted.