Recently, a new, sophisticated type of fraud has emerged on the Ethereum network: "address poisoning" attacks. These attacks do not exploit system vulnerabilities but rather cleverly capitalize on user negligence in their behavior. They have quietly infiltrated daily transaction processes, posing a potential risk of financial loss to users.
How Do Scammers Implement the Attack?
The core of address poisoning lies in forging fake wallet addresses that are highly similar to the target user's frequently used addresses. Scammers exploit the habit of most users who only check partial address information before transferring funds. They generate visually similar addresses and conduct small test transfers, thereby getting their addresses listed in the user's transaction history. Once a user mistakenly selects these forged addresses in subsequent operations, their funds could be stolen.
Why Has the Attack Escalated?
Etherscan points out that the prevalence and automation of address poisoning attacks on the Ethereum network are continuously increasing, with a large number of fake addresses being injected into users' transaction histories. Specifically, such scams often leverage bots to analyze transaction activity and then initiate fraudulent small transfers from visually similar addresses. Since most wallet interfaces only display partial address information, these deceptive entries are often difficult to detect initially.
What Are the Losses?
The severity of address poisoning attacks has been underscored by a series of high-profile incidents. In March 2026, a notable event resulted in losses amounting to $24 million. Ongoing monitoring estimates that losses had already approached $62 million in early 2026 alone. The rapid accumulation of fake transactions, sometimes exceeding the number of genuine ones, further complicates user identification.
How Can Users Protect Themselves?
Experts strongly advise users to meticulously verify the complete wallet address before completing any transfer. Tools such as Etherscan's address highlighting feature and the Ethereum Name Service (ENS) can effectively help users identify trustworthy addresses. Additionally, maintaining a detailed address book with personal annotations can prevent the reuse of previously problematic addresses. Some blockchain explorers also enhance security by hiding low-value, potentially fraudulent transfers.
Ethereum users must remain constantly vigilant against the persistent threat of address poisoning attacks. Coupled with reduced transaction fees and increasingly sophisticated social engineering tactics, carefully verifying the authenticity of every transaction address has become paramount. Neglecting these basic security measures means setting yourself up for risk in the ever-evolving cryptocurrency landscape.