Crypto Trader Loses $2.5 Million in Address Poisoning Scam

A crypto trader recently lost over $2.5 million worth of Tether (USDT) after falling victim to an address poisoning scam not once, but twice within a span of just a few hours. The incident, reported by blockchain security firm Scam Sniffer, highlights the increasing sophistication and prevalence of such scams in the crypto community.
The first error occurred when the trader copied a manipulated wallet address from their transaction history, resulting in a transfer of $843,000 to the scam address. Unfortunately, the trader repeated the same mistake just hours later, sending another $1.7 million to the same fraudulent address. This method, known as address poisoning or history poisoning, involves scammers sending tiny transactions from wallet addresses that closely resemble legitimate ones. These fake transfers are designed to appear in the victim’s transaction history, making it easy for the user to mistakenly copy the malicious address when attempting to make a legitimate transaction.
These exploits are becoming increasingly common as attackers target crypto users through subtle, low-effort techniques that rely on user error and interface habits. The incident serves as a stark reminder of the importance of vigilance and caution when handling cryptocurrency transactions. Users are advised to double-check wallet addresses and avoid copying them from transaction histories, especially if they have received any suspicious or unfamiliar transactions.
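
The check a wallet or review script can run against this pattern, as an added example that is not from the article or from Scam Sniffer: it flags history entries whose sender matches a trusted address at both ends but differs in the middle, and classifies a destination before it is pasted into a send form. Hex-style addresses, the four-character comparison window (chosen on the assumption that history views truncate addresses to their ends) and all sample addresses are assumptions constructed for illustration.

```python
# Added example; every address and history entry here is constructed sample data.
TRUSTED = "0x" + "a1b2" + "0" * 32 + "c3d4"     # the real counterparty (constructed)
LOOKALIKE = "0x" + "a1b2" + "f" * 32 + "c3d4"   # same ends, different middle
UNRELATED = "0x" + "9" * 40

def normalize(addr):
    """Lower-case and drop the 0x prefix so checksum casing does not matter."""
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr

def lookalike_of(candidate, trusted, edge=4):
    """Return the trusted address that `candidate` imitates, else None.

    Assumption: history views show only the first and last characters, so an
    address equal to a trusted one at both ends but not in full is suspect.
    """
    c = normalize(candidate)
    known = {normalize(t): t for t in trusted}
    if c in known:
        return None  # exact match is the trusted address itself
    for n, original in known.items():
        if len(c) == len(n) and c[:edge] == n[:edge] and c[-edge:] == n[-edge:]:
            return original
    return None

def classify_destination(dest, trusted):
    """Classify an address about to be pasted into a send form."""
    if normalize(dest) in {normalize(t) for t in trusted}:
        return "trusted"
    return "lookalike" if lookalike_of(dest, trusted) else "unknown"

def screen_history(history, trusted):
    """Return (index, sender, imitated) for each entry sent from a lookalike."""
    flagged = []
    for i, entry in enumerate(history):
        imitated = lookalike_of(entry["sender"], trusted)
        if imitated:
            flagged.append((i, entry["sender"], imitated))
    return flagged

HISTORY = [  # constructed incoming transfers, amounts in USDT
    {"sender": LOOKALIKE, "amount": 0.0},
    {"sender": TRUSTED, "amount": 1200.0},
    {"sender": UNRELATED, "amount": 50.0},
]

if __name__ == "__main__":
    for idx, sender, imitated in screen_history(HISTORY, [TRUSTED]):
        print(f"entry {idx}: {sender} imitates {imitated}")
    print(classify_destination(LOOKALIKE, [TRUSTED]))
```
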
In addition to address poisoning scams, hackers have been evolving their methods to target users more directly. Blockchain security firm SlowMist highlighted a growing wave of SMS phishing campaigns. In these scams, malicious actors typically send messages impersonating crypto exchanges, falsely claiming an issue with a withdrawal or a security breach. The victims are then instructed to call a support number in the message. When they do, they are connected to a fake agent who directs them to a phishing website. On that website, users are asked to enter their recovery or mnemonic phrase, which gives the hackers full access to their crypto wallets.
According to blockchain analyst ZachXBT, these social engineering tactics have already cost users over $300 million. Considering this, SlowMist strongly advises crypto users to avoid sharing recovery phrases, ignore unsolicited texts or calls, and verify all communications through official websites or apps. The increasing frequency and sophistication of these scams underscore the need for heightened awareness and security measures within the crypto community.
