- Trending
- Comments
- Latest
A single Ethereum user lost $50 million in December after unknowingly sending funds to a fraudulent address, part of a devastating two-month address poisoning spree that has drained $62 million from just two victims, according to blockchain security firm ScamSniffer.
“Two victims. $62M gone,” – ScamSniffer, Web3 anti-scam firm, in a Feb. 8 post on X.
Both incidents followed the same pattern: attackers inserted nearly identical addresses into transaction records, relying on users to copy and paste from recent activity without verifying the full wallet string.
Address poisoning attacks exploit routine wallet workflows. Scammers monitor blockchain transactions, generate vanity addresses that closely resemble legitimate ones, and send tiny dust transfers to targets.
These small transactions insert fraudulent addresses into a user’s activity log.
When users later copy an address from that history instead of manually verifying it, funds are transferred directly to the attacker.
Security researchers say the tactic has expanded rapidly following Ethereum’s late-2025 Fusaka upgrade, which reduced transaction costs and made large-scale scam operations cheaper to run.
Millions of low-value transactions are now reportedly sent daily, many intended solely to prepare future theft attempts.
The surge in spam activity is also skewing network metrics. Rising transaction counts and active wallet numbers increasingly include automated or malicious traffic rather than genuine economic demand.
Investigations have linked some poisoning campaigns to organised groups that reuse infrastructure across thousands of wallets.
Alongside address poisoning, ScamSniffer documented a significant rise in signature-based phishing during January 2026.
The firm recorded $6.27 million in losses across 4,741 victims, a 207% month-over-month increase in value terms.
Two wallets accounted for approximately 65% of the total damage, including major thefts of $3.02 million from SLVon and XAUt tokens and $1.08 million from aEthLBTC through malicious approval requests.
These attacks typically present users with transaction prompts that appear routine. Once signed, they grant scammers persistent permission to access tokens, enabling withdrawals without further authorisation.
The rise in signature phishing represents an additional operational risk layer that can bypass conventional security assumptions.
Security firms are urging investors to adopt stricter transaction verification practices, including manually confirming full wallet addresses and avoiding copying from transaction history.
Analysts expect both address poisoning and signature phishing to remain persistent threats as transaction fees stay relatively low and automation tools become more accessible to attackers.
The recent incidents demonstrate that even as Ethereum infrastructure evolves, user-level operational security remains a critical line of defence.
Without improvements in wallet interfaces and verification habits, routine actions, such as copy-and-paste transfers, are likely to continue generating disproportionate financial losses across the ecosystem.
