Scammers using a tactic called "crypto address poisoning" have stolen $1.6 million in cryptocurrency just this week, surpassing losses from the entire month of March 2025. This scam relies on contaminating wallet transaction histories by sending small amounts of crypto from fake addresses that visually resemble legitimate ones. Victims mistakenly copy these poisoned addresses from their transaction histories and send funds to scammers.
Key incidents include:
-
A victim lost 140 Ethereum (ETH), worth around $636,500, after copying a poisoned address.
-
Another victim lost $880,000 worth of USDT, with evidence that additional transfers were attempted from multiple wallets.
-
Other losses of $80,000 and $62,000 were also reported.
In addition to address poisoning, about $600,000 was lost due to malicious signature signing scams, where victims unintentionally authorized fraudulent transactions using deceptive commands like "approve" or "increase Allowance."
Security experts warn that address poisoning exploits users' trust in transaction histories and emphasize verifying the full wallet address, using whitelists or address books, and exercising caution before sending funds. The immutable and anonymous nature of blockchain transactions means victims usually have no recourse to recover lost funds.
This surge in sophisticated scams on primarily the Ethereum network highlights the need for stronger user education, better wallet security features, and advanced fraud detection systems in the crypto space. Blockchain platforms and wallet providers are urged to improve transaction history transparency and address validation warnings to reduce the success of such scams.
The total $1.6 million loss over a week reflects a growing problem in crypto fraud, fueled by the increasing number of digital asset users and attackers exploiting interface vulnerabilities and human error.
It's me, @justmythoughts, an ordinary Hive user looking to make the most of the platform. I will appreciate your support. Follow me for more. Thanks, Gracias :)
Posted Using INLEO