Address Poisoning Scams
Scammers send tiny transactions from addresses that look identical to your regular contacts, hoping you will copy the wrong address for future transfers.
Last reviewed: 1 June 2026
What this scam is
Address poisoning is a scam that exploits the common practice of copying a wallet address from a recent transaction history rather than re-entering it manually. Because cryptocurrency wallet addresses are long, complex strings of characters, most users copy and paste them to avoid errors. Address poisoning turns this convenience into a vulnerability.
The scammer generates a wallet address that closely mirrors a legitimate address you use frequently — typically matching the first several and last several characters, which are the parts most people check when verifying. This near-duplicate address is then 'poisoned' into your transaction history by sending a tiny, near-valueless transaction to your wallet from it. The transaction now appears in your history sitting near a real transaction to or from the genuine address.
The next time you need to send funds to that genuine address and look at your history to copy it, you may accidentally copy the scammer's lookalike address instead. The funds you send go directly to the scammer.
The attack requires no technical exploitation of your wallet and no malware. It exploits human behaviour — the habit of copying from history and the practical difficulty of manually verifying a full 40-character address character by character.
Address poisoning has resulted in significant losses even among technically experienced crypto users, because the check most people perform — verifying the first and last few characters — is precisely what the scammer's address is designed to pass.
How it works
The scammer monitors public blockchain transaction data to identify wallets that have made or received transactions involving addresses they want to impersonate. Because all transactions on public blockchains are visible to anyone, the scammer can see every address your wallet has interacted with.
They then generate a vanity address — an address with a chosen prefix and suffix — that matches the target address in its first several and last several visible characters. Address generation tools can produce these vanity addresses quickly.
A dust transaction (a tiny amount of cryptocurrency or a valueless token) is sent from this lookalike address to your wallet. This creates an entry in your transaction history that appears near — or even immediately above or below — a legitimate transaction involving the genuine address.
When you next go to send funds and look at your transaction history to copy the recipient address, your eye is drawn to the similar-looking entry. If you copy the poisoned address rather than the genuine one, you send your funds directly to the scammer. The blockchain confirms the transaction — it is a valid transfer to a valid address — and the funds are gone.
Why this scam works
The attack succeeds because it targets a specific gap between security knowledge and practical behaviour. Most crypto users know they should verify addresses carefully, but in practice, checking the first and last few characters of a long address has become a standard shortcut. Address poisoning is specifically engineered to defeat this shortcut.
The transaction history interface in most wallets presents addresses truncated for readability — showing only the first and last several characters. This display format, intended to help users, is precisely what makes the attack difficult to detect at a glance.
A typical pattern
A person regularly sends cryptocurrency to a business counterpart and copies the recipient address from their recent transaction history each time. One day, they notice a tiny incoming transaction from an address that looks identical to their counterpart's. They do not question it. On the next payment occasion, they copy an address from their history — the poisoned one — without comparing every character. The payment is made, confirmed on-chain, and gone. When the counterpart reports not receiving the funds, both parties examine the transaction and realise the destination address differs in the middle characters.
Common red flags
- A tiny transaction from an unfamiliar address appearing in your history
- Transaction history contains two entries with very similar first and last characters
- An address in your history that you do not remember adding or transacting with
- Wallet interface showing an incoming zero-value or dust token you did not request
- Missing funds after a transfer you believed went to a trusted address
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
No message — the attack is entirely on-chain via a dust transaction. The scammer sends [small amount] to your wallet from [lookalike address] to plant it in your history.
[Lookalike wallet address] — designed to match first and last characters of your real contact's address.
Common variations
- Token dust poisoning — a valueless token is sent to plant the lookalike in history
- Zero-value ETH transfer — a transfer of 0 ETH from a lookalike address
- NFT dust — a valueless NFT sent with the scammer address as source
- Cross-chain variant — poisoning occurs on a bridge interaction history
- Business payment targeting — focused on companies making regular large-value crypto transfers
How to verify before you act
Never copy a wallet address from your transaction history without verifying every character against an independently trusted source — such as a saved address book entry, the payee's website, or a message you received through a channel you trust.
When pasting an address, hover over or expand it in your wallet interface to view the full string, and compare it character by character against your trusted source. Even one character difference means it is a different address.
Consider using your wallet's built-in address book feature to save frequently used addresses. Addresses saved in your address book were saved by you at a known-good moment — copying from there avoids copying from potentially poisoned transaction history.
For high-value transactions, confirm the destination address with the recipient via a separate communication channel before sending.
Payment methods used
- Cryptocurrency sent to wrong address by the victim
Who is usually targeted
- Active crypto traders and DeFi users
- Businesses making regular crypto payments
- Anyone who copies addresses from transaction history
What to do immediately
- If you have sent funds to the wrong address, act immediately — contact any exchange that received the funds (if identifiable) as they can sometimes freeze assets
- Document the transaction hash, the poisoned address, and your intended address
- Add your genuine frequently-used addresses to your wallet's address book now to prevent future mistakes
- Report to your national fraud authority with all transaction details
- If the scam occurred on a centralised exchange, contact their fraud team — some have compliance contacts that interface with law enforcement
- Do not pay any recovery service claiming to retrieve blockchain funds — this is a second scam
How to prevent it
- Never copy a recipient address from your transaction history — use a saved address book
- Always verify every character of a destination address before a high-value transfer
- Confirm new recipient addresses with the payee through a separate, trusted channel
- Use your wallet's address book for regularly used addresses
- Send a small test transaction and confirm receipt before sending a large amount
- Be alert to any dust transactions or unknown tokens arriving in your wallet
- Keep wallet software updated — newer wallets may flag known dust attack patterns
Evidence to preserve
- Transaction hash of the misdirected payment
- The poisoned address (lookalike) and the correct intended address
- Transaction hash of the dust or poisoning transaction
- Screenshots of your wallet history showing both addresses
- The intended recipient's correct address from a verified source
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Can I get my funds back if I sent to the wrong address?
Blockchain transactions are irreversible. If the destination is a scammer's wallet, recovery through technical means is not possible. Some centralised exchanges can freeze funds if contacted immediately, but this is rare and depends on the transaction path.
How do I know if my wallet has been targeted by address poisoning?
Check your transaction history for tiny incoming transactions from addresses you do not recognise that closely resemble addresses you use regularly. The first and last characters will match your legitimate contacts but the middle portion will differ.
Is address poisoning illegal?
In most jurisdictions, deliberately engineering a situation to cause someone to misdirect funds constitutes fraud. Report to your national fraud authority. The pseudonymous nature of blockchain makes prosecution difficult, but reporting contributes to investigation data.
Should I check the whole address or just the first and last characters?
For any transaction of meaningful value, verify the complete address. Checking only the first and last characters is the specific vulnerability address poisoning exploits. If that check is all you do, the attack is designed to pass it.
Is there a safe way to copy addresses?
Use your wallet's address book to store verified addresses — these were saved at a time when you had confirmed they were correct. For new recipients, confirm the address through a separate channel (a voice call, a verified messaging conversation) before sending.
Can crypto recovery services get my funds back?
No legitimate service can reverse a blockchain transaction. 'Crypto recovery' services are a documented second scam targeting people who have already lost funds. Do not pay any such service.
How many characters do I need to check to be safe?
All of them. Vanity address generators can produce addresses matching many characters at both ends. The only safe approach for high-value transactions is to verify the complete address character by character against an independently trusted source.