qerranews 
Address poisoning scams are once again in the spotlight after two high-value crypto thefts resulted in combined losses of more than $62 million, according to blockchain security firm Scam Sniffer. Analysts warn that recent changes to Ethereum’s network economics may be accelerating the trend, making these attacks cheaper, more frequent, and harder for users to detect.
Address Poisoning Explained Simply
Address poisoning is a deceptive on-chain attack where malicious actors send tiny “dust” transactions from wallet addresses that closely resemble legitimate ones previously used by a victim. These fake addresses are crafted to match the same first and last few characters, making them appear almost identical in transaction histories.
The goal is simple: trick users into copying the wrong wallet address when sending funds. Once the transaction is confirmed on-chain, the funds are irreversibly lost.
$62M Lost In Attacks
According to Scam Sniffer, one victim lost $12.2 million in January after mistakenly copying a poisoned address from their transaction history. This followed a similar $50 million address poisoning attack in December, bringing the combined losses to over $62 million in just two incidents.
“These attacks rely more on human error than smart contract vulnerabilities,” Scam Sniffer noted, highlighting how even experienced users can fall victim during routine transfers.
Signature Phishing Surges Too
Alongside address poisoning, Scam Sniffer reported a sharp rise in signature phishing attacks, another increasingly common crypto scam. In January alone, attackers stole $6.27 million from 4,741 victims, representing a 207% increase month-over-month.
Notably, just two wallets accounted for 65% of all signature phishing losses during the period.
Unlike address poisoning, signature phishing tricks users into signing malicious blockchain transactions, often granting unlimited token approvals that allow attackers to drain wallets over time.
Trend Shows No Slowdown
Security firm Web3 Antivirus warned that address poisoning remains one of the most consistent ways large sums of crypto are lost.
“Some of the largest address poisoning incidents we’ve tracked range from $4 million to $126 million,” the firm said, adding that recent cases suggest the trend is not slowing down.
Researchers explained that attackers generate full wallet addresses that look nearly identical at a glance, exploiting users’ reliance on partial address matching rather than full verification.
Ethereum Dust Attacks Rise
Analysts believe the surge in address poisoning may be linked to Ethereum’s Fusaka upgrade, rolled out in December, which significantly reduced transaction costs. Lower fees make it economically viable for attackers to send millions of dust transactions at scale.
As a result, stablecoin-related dust activity now accounts for around 11% of all Ethereum transactions and 26% of active addresses on an average day, according to Coin Metrics.
The firm analyzed over 227 million stablecoin balance updates between November 2025 and January 2026 and found that 38% were under one cent, a pattern consistent with mass address poisoning campaigns.
Stablecoins Attract Bad Actors
Blockchain intelligence firm Whitestream reported that the decentralized stablecoin DAI has increasingly become a preferred asset for illicit actors.
DAI is often used as a “parking place” for illegally sourced funds, the firm said, because its governance structure does not cooperate with authorities to freeze wallets. This characteristic has made it attractive in recent address poisoning and dust attack cases.
Staying Safe From Poisoning
Security experts urge users to avoid copying wallet addresses from transaction histories and instead rely on address books, ENS names, or QR codes. Verifying the full address — not just the first and last characters — remains one of the most effective defenses.
As Ethereum transaction costs remain low, analysts expect address poisoning and dust attacks to remain a persistent threat across DeFi and stablecoin ecosystems.