On Sunday, an Ethereum user unwittingly sent nearly $700,000 worth of USDT stablecoin to a scammer due to an address poisoning attack. In this type of scam, malicious actors create wallet addresses that closely resemble legitimate ones previously used by the victim. By sending a small transaction from this fake address, scammers plant it in the victim's transaction history, so the victim mistakes it for a trusted address when copying it for a larger transfer.
The victim, trusting their transaction history, copied the poisoned address and transferred a massive sum, believing it was legitimate. The scam was executed with chilling precision: the attacker initially sent a 0 USDT transaction from a wallet designed to mimic a Binance deposit address the user had just interacted with.
How Address Poisoning Works
Address poisoning is a “low effort, high reward” tactic that leverages the human tendency to trust recent transaction records. Attackers use automated tools to generate thousands of wallet addresses that mimic commonly used deposit addresses, particularly on platforms like Binance.
According to PeckShield, a blockchain security firm, users often fall prey by blindly copying wallet addresses from their transaction history without verifying every character. Experts urge users to cross-reference addresses on blockchain explorers like Etherscan, and always check the full wallet address before initiating any transfer.
The scammer, after receiving the $699,990 USDT, quickly swapped it into DAI—a decentralized stablecoin that cannot be frozen—to prevent recovery efforts, AMLBot investigators revealed. The stolen funds were then routed through multiple wallets, making tracking and retrieval almost impossible.
‘Pray-and-Prey’ Attacks on the Rise
Blockchain security experts from firms like Cyvers and PeckShield are raising alarms as address poisoning scams escalate. Cyvers reported that in the past year alone, a crypto trader lost over $70 million to a similar scam—the largest of its kind. More recently, another victim lost $467,000 just days before this latest attack.
The scams operate by blasting out thousands of fake transactions to wallets across the blockchain, banking on even a tiny percentage of victims falling for the trick. The automated nature of these scams ensures high scalability at almost no cost to attackers.
Experts advise crypto users to adopt militant practices: verifying addresses manually, never trusting truncated wallet addresses, and avoiding copying addresses from unverified messages or previous transactions. Vigilance, they warn, is the only true defense.
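The check the experts describe can be automated on the user's side. The following is an added example, not code from any of the firms quoted: it flags history entries whose address matches a trusted address only at the ends (what a truncated display such as 0x1a2b...9f8e would show) and approves a destination only on a full-string match. All addresses are constructed, and the 4-character window is an assumption about how a wallet truncates.

```python
# Added example: every address below is constructed, not a real wallet.
ME      = "0x" + "ab" * 20                 # the user's own wallet
TRUSTED = "0x1a2b" + "3c" * 16 + "9f8e"    # stands in for the real deposit address
POISON  = "0x1a2b" + "d4" * 16 + "9f8e"    # same first/last 4 hex chars, different middle
OTHER   = "0x" + "77" * 20                 # unrelated counterparty

def norm(addr):
    """Lower-case and validate a 20-byte hex address (EIP-55 case is ignored)."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or \
            any(ch not in "0123456789abcdef" for ch in a[2:]):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def lookalike(candidate, trusted, n=4):
    """True if the two differ in full but agree on the first and last n hex chars."""
    c, t = norm(candidate), norm(trusted)
    return c != t and c[2:2 + n] == t[2:2 + n] and c[-n:] == t[-n:]

def audit_history(history, trusted, n=4):
    """List history entries whose sender or recipient imitates a trusted address."""
    findings = []
    for i, tx in enumerate(history):
        for party in (tx["from"], tx["to"]):
            for t in trusted:
                if lookalike(party, t, n):
                    findings.append({"index": i, "address": norm(party),
                                     "imitates": norm(t),
                                     "zero_value": tx["value"] == 0})
    return findings

def safe_to_send(dest, trusted):
    """Approve a destination only on an exact, full-length match."""
    return norm(dest) in {norm(t) for t in trusted}

# Constructed history: a real deposit, then a 0-value transfer from the look-alike.
HISTORY = [
    {"from": ME, "to": TRUSTED, "value": 500},
    {"from": POISON, "to": ME, "value": 0},
    {"from": OTHER, "to": ME, "value": 25},
]

if __name__ == "__main__":
    for finding in audit_history(HISTORY, [TRUSTED]):
        print("suspicious history entry:", finding)
    print("copied address approved:", safe_to_send(POISON, [TRUSTED]))
```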