An Ethereum investor recently lost $12.4 million in a sophisticated address poisoning scam after accidentally sending funds to a fraudulent wallet that mimicked a frequent contact. Security experts warn that this incident highlights the critical danger of copying wallet addresses from transaction histories rather than using verified address books.
The massive theft involved 4,556 Ethereum and was the result of a long-term operation by a patient attacker. According to on-chain analysts, the hacker spent approximately two months monitoring the victim’s wallet activity to identify patterns. By tracking regular transfers to an over-the-counter settlement address, the attacker was able to prepare a deceptive look-alike address for the final phase of the scam.
To execute the attack, the hacker used a technique known as dusting, where a nominal amount of cryptocurrency is sent to the target’s wallet. This transaction was carefully designed so that the sender’s address shared the same starting and ending characters as the victim’s legitimate contact. This small transfer was intended to plant the fraudulent address at the top of the victim’s recent transaction history, lying in wait for the next major transfer.
The strategy proved successful when the investor prepared to move a large sum of funds. Instead of manually verifying the full string of characters or using a saved contact, the victim copied the address from their most recent activity. Because the fraudulent address looked nearly identical to the legitimate one at a glance, the victim inadvertently authorized the transfer of millions of dollars directly into the attacker’s control.
Blockchain security firms like Scam Sniffer have pointed to this event as a stern reminder of the evolution of crypto-based fraud. They emphasize that address poisoning relies entirely on human error and the visual similarity of wallet strings. To prevent similar losses, experts advise users to double-check every character of a destination address and to move away from using transaction logs as a reference for repeat payments.
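The address-book check the experts recommend can be automated. The following is an added example, not code from the article or from any wallet or security vendor: it compares a destination against saved contacts character by character and flags addresses that match a contact only at the visible start and end. The sample addresses, the contact name `otc-desk`, and the four-character display width are constructed assumptions.

```python
import re
from typing import Optional

VISIBLE = 4  # assumption: wallet UI shows 4 hex chars at each end of an address

# Constructed sample data, not addresses from the incident.
OTC = "0x" + "a1b2" + "0" * 32 + "c3d4"      # verified settlement contact
POISON = "0x" + "a1b2" + "f" * 32 + "c3d4"   # same visible ends, different middle
OTHER = "0x" + "9" * 40
BOOK = {"otc-desk": OTC}
HISTORY = [(POISON, 0.0001), (OTHER, 2.5), (OTC, 150.0)]  # (sender, ETH received)

def normalize(addr: str) -> str:
    """Lower-case a 20-byte hex address; reject anything malformed."""
    a = addr.strip().lower()
    if not re.fullmatch(r"0x[0-9a-f]{40}", a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def classify(addr: str, book: dict) -> tuple:
    """Return (verdict, contact): 'verified', 'lookalike' or 'unknown'."""
    d = normalize(addr)
    imitated: Optional[str] = None
    for name, saved in book.items():
        s = normalize(saved)
        if d == s:
            return ("verified", name)          # every character matches
        if d[2:2 + VISIBLE] == s[2:2 + VISIBLE] and d[-VISIBLE:] == s[-VISIBLE:]:
            imitated = name                    # ends match, middle differs
    return ("lookalike", imitated) if imitated else ("unknown", None)

def poisoned_senders(history: list, book: dict) -> list:
    """Senders in the transaction history that imitate a saved contact."""
    return [sender for sender, _ in history
            if classify(sender, book)[0] == "lookalike"]

def safe_to_send(dest: str, book: dict) -> bool:
    """Allow a transfer only to an exact address-book match."""
    return classify(dest, book)[0] == "verified"

if __name__ == "__main__":
    print(poisoned_senders(HISTORY, BOOK))
    print(safe_to_send(POISON, BOOK), safe_to_send(OTC, BOOK))
```

The comparison is case-insensitive, so a contact saved in mixed case still matches its lower-case form.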
Source: Crypto Investor Loses Over Twelve Million In Ethereum To Address Poisoning Scam


