A Simple Mistake Led to a $600,000 Loss
A simple copy and paste error cost an unfortunate trader $600,000 on February 17 after a blockchain security firm called Cyvers uncovered the incident. This event is part of a growing trend of address poisoning attacks that have become increasingly common this year.
Cyvers Alerts detected the attack using its real-time blockchain monitoring system. They found that the victim was targeted using zero-value transfers. These are techniques where attackers send fake transactions to a victim’s wallet, contaminating their transaction history with similar addresses. Once these vectors are planted, the poisoned address remains in the victim’s history, waiting for the moment they attempt a quick copy and paste instead of manually entering or verifying each character of the wallet’s address.
Most victims end up losing all their assets involved in such transfers due to the irreversible nature of blockchain transactions.
A Growing Trend of Address Poisoning Attacks
The $600,000 loss is just one of many. Address poisoning attacks have increased rapidly in both frequency and scale. This year alone has already seen several high-profile losses that highlight the serious threats facing the industry.
In December 2025, a crypto trader lost $50 million in USDT after copying a fake address from their history. This was the second-largest address poisoning loss ever recorded. The victim had withdrawn funds from Binance, sent a $50 test transaction to the correct address, and then minutes later, copied the poisoned address for a full $50 million transfer.
The attacker converted the stolen USDT to DAI tokens and then approximately 16,690 ETH within 30 minutes, channeling most of it through Tornado Cash to obscure their trail. The victim offered a $1 million bounty for recovery of 98% of the funds and threatened criminal charges if the terms were not met.
January 2026 was no different. On January 16, a victim lost $514,000 in USDT after sending a $5,000 test transaction to a poisoned address ending in “f3e6F,” which was nearly identical to their intended recipient ending in “D3E6F.” They followed up with the full transfer minutes later.
Two weeks later, another victim lost $12.25 million after sending 4,556 ETH to an attacker-controlled address copied from a contaminated transaction history. ScamSniffer, who flagged this incident, noted that the two addresses were almost identical in the visible characters, with only minor differences in the hidden middle sections that most wallets abbreviate.
This month’s victim has now joined a pattern of losses that have cost users millions of dollars in less than three months. These losses are primarily due to more sophisticated attacks and a user base that still relies on abbreviated address displays and copy-paste habits for routine transactions.
Over One Million Poisoning Attempts Daily
According to reports by Cyvers specialists, over one million poisoning attempts occur every single day on the Ethereum network alone. Another study discovered at least seven distinct attack groups actively running address poisoning campaigns on Ethereum. Some of these groups reuse their fake addresses on both Ethereum and the Binance Smart Chain simultaneously.
The study confirmed that attackers typically target high-value wallets with frequent transaction histories. They often run statistical analyses of USDT and USDC balances to identify the most profitable potential victims before deploying their fake transactions.
“More users and institutions are leveraging automated tools for crypto transactions, some of which may not have built-in verification mechanisms to detect poisoned addresses,” said Cyvers’ CEO. He added that “the growing sophistication of attackers and the lack of pre-transaction security measures” are the primary drivers of the increase.
Industry Responses and Solutions
Industry stakeholders have started voicing their opinions. Some have publicly called on wallet developers to block poisoned addresses by default following the $50 million loss in December.
As reported on December 24, 2025, CZ proposed a blueprint to protect cryptocurrency users from fraudulent transactions. “Our industry should be able to completely eradicate this type of poison attacks, and protect our users,” he wrote on Binance’s social platform. “All wallets should simply check if a receiving address is a ‘poison address,’ and block the user.”
Other wallet providers are now exploring pre-execution risk assessments that simulate a transaction before it is signed, showing users exactly where their funds will go before asking them to confirm.
Some researchers also advocate for whitelisting frequently used addresses directly in the wallet’s settings to eliminate reliance on transaction histories entirely.
The smartest crypto minds already read our newsletter. Want in? Join them.