- Trending
- Comments
- Latest
Scammers have stolen over $79 million from Ethereum users through address poisoning attacks—a technique where fraudsters send tiny transactions to victim wallets using lookalike addresses, causing fake addresses to appear in transaction histories and tricking users into copying them during fund transfers.
A 2025 study found that approximately 17 million poisoning attempts targeted around 1.3 million Ethereum users between July 2022 and June 2024, suggesting the scam has evolved from sporadic spam into an industrial-scale criminal operation exploiting design weaknesses in wallet software rather than breaking the blockchain itself.
The mechanics of an Ethereum poisoning attack are relatively simple but highly effective when deployed at scale.
Attackers monitor public blockchain activity on networks such as Ethereum and identify legitimate wallet addresses involved in transactions.
Once a user sends funds, automated systems generate lookalike wallet addresses that mimic the beginning and ending characters of the real address.
The attacker then sends a tiny transaction—often worth less than a cent—to the victim’s wallet using this imitation address.
These “dust” transactions ensure the fake address appears in the user’s transaction history.
When the victim later attempts another transfer, they may mistakenly copy the malicious address from the history rather than retrieving the correct one.
This is the central mechanism behind an Ethereum poisoning attack, allowing scammers to exploit human error rather than breaking cryptographic security.
Because blockchain addresses are long strings of characters, many users only verify the first and last few characters, which makes the technique particularly effective.
Recent research indicates that the scale of the Ethereum poisoning attack threat has expanded dramatically in recent years.
A 2025 study analyzing blockchain activity found that approximately 17 million poisoning attempts targeted around 1.3 million Ethereum users between July 2022 and June 2024.
The study also estimated that confirmed losses linked to these scams exceeded $79 million.
Despite the enormous number of attempts, the success rate of a typical Ethereum poisoning attack remains relatively low.
Researchers estimate that only about 0.1% of attempts result in a successful theft—roughly one successful scam for every 10,000 poisoning transactions.
However, attackers compensate for this low success rate by scaling their operations.
Automated systems allow scammers to send massive numbers of dust transactions, dramatically increasing the probability that at least some victims will mistakenly send funds to the poisoned address.
This industrial-scale approach has transformed what was once sporadic spam into a coordinated Ethereum poisoning attack ecosystem.
Another factor contributing to the rise of the Ethereum poisoning attack trend is the changing economics of blockchain transactions.
Lower transaction fees on the Ethereum network have made it cheaper for attackers to distribute thousands—or even millions—of small transfers designed to poison wallet histories.
Analysts point to the network’s Fusaka upgrade as one factor that reduced transaction costs, indirectly lowering the barrier for scammers to launch large-scale poisoning campaigns.
As sending dust transactions becomes cheaper, attackers can operate more aggressively and target larger numbers of wallets.
The increase in automated campaigns has therefore expanded the reach of the Ethereum poisoning attack tactic across decentralized finance, token trading platforms, and everyday crypto transactions.
Cybersecurity experts say the trend underscores a broader shift in crypto-related fraud.
Instead of attempting to hack wallets directly, many scammers now rely on psychological manipulation and interface design weaknesses.
In the case of the Ethereum poisoning attack, the vulnerability lies not in the blockchain itself but in how users interact with wallet software and transaction histories.
As the cryptocurrency ecosystem continues to grow, analysts warn that such scams may become even more sophisticated.
For users, the safest defense against an Ethereum poisoning attack remains careful verification of wallet addresses before sending funds, rather than relying on addresses copied from transaction history.
Copyright © 2025 - The Bit Gazette.
