Address Poisoning Attack

Attackers send tiny transactions from an address that closely resembles your real contact's address, hoping you'll copy the wrong address from your transaction history when sending funds.

High Severity

Technical Exploit

Common

How This Scam Works

Scammers monitor the blockchain for your transactions and create a wallet address that matches the first and last few characters of an address you frequently interact with. They then send you a tiny amount (often 0 or near-0 tokens) from this lookalike address. When you check your transaction history and copy an address to send funds, you might accidentally copy the scammer's similar-looking address instead of the real one. Since most people only check the first and last few characters, the funds go to the attacker.

Red Flags to Watch For

Unexpected small incoming transactions from unknown addresses
An address in your history that looks almost identical to a regular contact
Transaction amounts of exactly 0 or tiny fractions of a token
Multiple similar-looking addresses appearing in your recent history

Common Phrases Scammers Use

“There are no verbal phrases — this is a silent, technical attack”

“Attackers rely on human error when copying addresses”

“The poisoned transactions appear as normal transfers in your history”

What to Do Right Now

1Always verify the COMPLETE address character by character before sending
2Use an address book or saved contacts feature in your wallet
3Send a small test transaction first when sending to any address
4Use ENS names or address labels instead of raw addresses when possible
5If you sent to a poisoned address, report it to the blockchain explorer

What NOT to Do

Never copy addresses from transaction history without full verification
Do not rely on checking only the first and last few characters
Do not rush large transfers — always double-check the full address
Do not panic about small incoming transactions — they cannot harm your wallet

How to Report It

Etherscan Address Poisoning Report — via Etherscan contact form
FBI IC3
Your wallet provider's support team

Frequently Asked Questions

How common are address poisoning attack scams?+

Address Poisoning Attack scams are currently rated as "common" in our tracking. Active DeFi users, anyone who regularly sends crypto, users who copy addresses from transaction history are the most frequently targeted groups. These scams continue to evolve, so staying informed about current tactics is essential.

Can I get my money back after falling for a address poisoning attack scam?+

Recovery of crypto sent to scammers is very difficult because blockchain transactions are irreversible. Report the incident to law enforcement (FTC, FBI IC3) as quickly as possible. In some cases, if funds passed through a regulated exchange, authorities may be able to freeze them. Do not pay anyone who claims they can recover your funds — this is often a follow-up scam.

How do I know if a message is legitimate?+

Check for verifiable company registration and regulatory licenses. Search for independent reviews on trusted sites — not testimonials on the platform itself. Verify URLs carefully for misspellings. Legitimate services never ask for your seed phrase or private keys, never guarantee returns, and never pressure you to act immediately.

What should I do if someone I know is being targeted by a address poisoning attack scam?+

Approach the conversation with empathy — victims are often emotionally invested and may react defensively. Share specific red flags you've noticed without being judgmental. Provide links to official scam reporting resources. If they have already sent funds, help them report to the FTC and FBI IC3 quickly. The Global Anti-Scam Organization (GASO) also provides peer support.

This information is for educational awareness only. It does not constitute legal, financial, or professional advice. If you have been the victim of a scam, contact law enforcement and consider consulting a licensed attorney.

Quick Facts

Severity: High Severity
Category: Technical Exploit
Prevalence: Common
Who Is Targeted: Active DeFi users, anyone who regularly sends crypto, users who copy addresses from transaction history
Red Flags: 4 identified

Need Help Now?

If you are being scammed right now, stop all contact and payments immediately.

Report to FTC Report to FBI IC3

Other Scam Patterns

Fake Investment Platform

Investment Scam · Very Common

Romance / Pig Butchering Scam

Romance Scam · Very Common

Fake Crypto Job Scam

Employment Scam · Very Common

Phishing Wallet & Exchange Scam

Technical Exploit · Very Common

View all scam patterns