An Ethereum user fell victim to an address poisoning scam, sending nearly $700,000 to a fraudster. The attackers create fake wallet addresses resembling real ones and exploit users’ trust in transaction history. Experts warn as these scams rise, crypto users must verify addresses to prevent loss.
On Sunday, a significant incident involving an Ethereum user unfolded, as this individual sent nearly $700,000 in USDT stablecoin to a scammer through an address poisoning attack. In this scheme, fraudsters closely replicate wallet addresses of legitimate users by sending a small transaction from the counterfeit address. This cunning tactic leads victims to believe they’re dealing with verified addresses during larger transfers.
The victim copied a falsified address after an attacker executed a transaction of 0 USDT that mimicked a Binance deposit address recently used by the user. The chilling efficiency of this scam showcases just how easily trust can be exploited, culminating in a staggering transfer of funds that the victim believed was safe and accurate.
Address poisoning represents a tactic described by many as “low effort, high reward,” playing on people’s inclination to trust their own transaction history. Automated tools are employed by attackers to generate thousands of wallet addresses designed to resemble familiar deposit addresses, particularly on platforms like Binance. According to PeckShield, these scams flourish because users fail to verify every character in the copied address before initiating transfers.
Experts have recommended that crypto holders verify wallet addresses using reliable blockchain explorers like Etherscan. They stress the importance of carefully checking the entire wallet address prior to any fund transfers, urging users not to take shortcuts or rely solely on history.
Investigators at AMLBot have revealed that, upon receiving the $699,990 USDT, the scammer promptly converted the funds into DAI, a decentralised stablecoin. Since DAI can’t be frozen, this conversion is a calculated move that prevents recovery attempts, while the stolen amounts were subsequently transferred through multiple wallets, making any tracking efforts increasingly arduous.
The rise of these address poisoning scams has alarmed blockchain security experts from companies such as Cyvers and PeckShield. Cyvers highlighted that over the last year, one crypto trader was defrauded of over $70 million—the largest incident of its kind. Recently, another victim reported a loss of $467,000 merely days prior to this latest occurrence.
These scams operate by inundating the blockchain with thousands of fake transactions targeting various wallets, banking on the likelihood that even a small proportion of users will fall victim. The efficiency of automation enables these scams to be hugely scalable with minimal cost to the attackers themselves. As a result, experts are urging crypto users to adopt stringent practices, which include verifying wallet addresses manually, avoiding reliance on truncated versions, and steering clear of copying addresses from unverified communications. Remaining vigilant remains the most effective line of defence against these threats.
