Ethereum User Loses $700,000 in Address Poisoning Scam
1min read An Ethereum user recently fell victim to an address poisoning scam, resulting in the loss of nearly $700,000 worth of the USDT stablecoin. This incident highlights the growing threat of such scams, which exploit users' trust in familiar addresses to deceive them into sending funds to malicious actors.
Address poisoning involves creating an address that closely resembles one the victim has recently interacted with. The attacker sends a small amount of tokens to the victim, aiming to trick them into believing the attacker’s address is legitimate. For instance, if a user's deposit address is 0x11223344556677889900, a scammer might create an address like 0x1122aaaaaaaaaaaaaa9900, which appears similar in truncated form but belongs to the scammer.
In the recent case, a malicious attacker sent a transaction of 0 USDT from a wallet that looked almost identical to a Binance wallet that the victim had sent a test transaction of 10 USDT to just seconds prior. The victim likely copied what appeared to be a legitimate address from their transaction history, trusting it because they had just successfully completed a test transfer moments before. Scammers use specialized software to generate thousands of wallet addresses that match commonly used deposit addresses, employing a "spray-and-pray" tactic to maximize their chances of success.
This tactic led to the victim sending 699,990 USDT to the attacker. Shortly after receiving the funds, the scammer swapped the USDT to DAI, a decentralized stablecoin that cannot freeze funds connected to malicious activity, unlike Tether with USDT. The scammer then passed the funds through multiple wallets to obscure their tracks.
Ask Aime: Why did an Ethereum user fall victim to an address poisoning scam worth $700,000?
Address poisoning scams are becoming increasingly common. Last year, one crypto trader lost over $70 million due to such a scam, and more recently, another victim lost $467,000 worth of DAI. These incidents underscore the importance of vigilance when transferring funds. Experts recommend always performing double or triple verification of full wallet addresses before initiating any transfers. Users should never trust truncated addresses and should conduct character-by-character validation when copying deposit addresses. Additionally, cross-referencing all transactions on blockchain explorers and avoiding copying addresses from transaction history or unverified messages can help prevent falling victim to these scams.
