Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Two users lost $62 million due to “poisoning” of cryptocurrency addresses., 2026/02/09 12:55:02
Security experts from ScamSniffer reported that in January, one user lost $12.2 million by sending funds to a fraudulent address copied from transaction history. In December, another user suffered a loss of $50 million due to the same mistake.
ScamSniffer explained that both incidents are linked to a scheme known as “poisoning” of crypto addresses. In this tactic, attackers monitor transactions and create addresses that closely resemble legitimate ones. They then execute “dust” transfers of minimal amounts, causing the fake address to appear in the transaction history.
If a user subsequently copies the address from their transaction history without fully verifying it, the cryptocurrency is sent to the scammer. Such transactions cannot be reversed, resulting in a permanent loss of funds.
Related Posts
According to ScamSniffer, the prevalence of this tactic has increased following the rollout of the Ethereum Fusaka update at the end of 2025, aimed at reducing fees. Coin Metrics analysts noted that after the update’s launch, the volume of “dust” transactions involving stablecoins on the Ethereum network surged two to three times. Some of these transfers may have been used to facilitate subsequent thefts.
In addition to address “poisoning,” ScamSniffer researchers observed a significant rise in phishing attacks involving signatures in January. Over the month, 4,741 users collectively lost $6.27 million, marking a 207% increase compared to December. The largest incidents included thefts of $3.02 million from SLVon and XAUt services, as well as $1.08 million from aEthLBTC through malicious increaseAllowance permissions. These attacks rely on deceptive transaction requests. Once signed, the attackers gain access to the assets and can withdraw funds without further user confirmation.
ScamSniffer recommended avoiding copying addresses from transaction history, manually verifying the entire address string, and using saved contacts for regular transfers.
Recently, ScamSniffer experts uncovered a new method for stealing seed phrases from users of the Phantom Wallet, with attackers targeting them through malicious pop-up windows.
