Unsuspecting crypto users lost more than $1.6 million to scammers via address poisoning attacks just this week — a figure that beats the entire month of March.
A victim lost 140 Ether (ETH), worth around $636,500, on Friday after copying the wrong address from a contaminated transfer history, reported crypto scam prevention platform ScamSniffer.
“The user basically sent 140 ETH to a lookalike address that had been seeded in the history after a copy-paste mistake,” said the team, who added, “his history is full of poison address attacks, so it was only a matter of time before the trap worked.”
Another victim lost $880,000 worth of crypto to address poisoning on Sunday, while other alerts show a crypto user lost $80,000, and another lost $62,000 on Wednesday to scammers.
Compiling the alerts from cybersecurity firms, Cointelegraph has found that more than $1.6 million was lost to scammers through the method since Sunday, more than the entire month of March, which saw $1.2 million lost to address poisoning.
🚨 Almost a million is lost to an address poisoning scam.@web3_antivirus detected a live address poisoning scheme that drained about $880K in USDT. One wallet had its history poisoned, and the same owner likely retried a stuck transfer from three more wallets, each sending… pic.twitter.com/N8IHy7MkIs
— Cointelegraph (@Cointelegraph) August 12, 2025
Address poisoning relies on mimicking addresses
Address poisoning involves sending small transactions from wallet addresses that resemble legitimate ones, duping users into copying the wrong address when making future transactions.
“Poisoners send small transfers from addresses that mimic a real one, so copying from history becomes a trap,” explained Web3 Antivirus, a firm offering blockchain security solutions.
Related: Jameson Lopp sounds alarm on Bitcoin address poisoning attacks
This leads to “transaction history poisoning,” where the scammer sends a fake transfer with a similar address, appearing in the victim’s transaction history. The victim copies the phony address and sends funds to the scammer, explained ScamSniffer on Friday.
Malicious signature signing
In addition to the million-dollar address poisoning thefts, at least $600,000 was lost this week from victims who signed malicious phishing signatures such as “approve,” “increaseAllowance,” and “permit” signatures, according to ScamSniffer.
On Tuesday, a victim lost $165,000 worth of BLOCK and DOLO tokens after signing malicious signatures, reported ScamSniffer.
“We sound like like a broken record, but it’s worth mentioning again: use an address book or whitelist and verify the FULL address,” before sending, ScamSniffer wrote.
Magazine: Altcoin season 2025 is almost here… but the rules have changed
