TL;DR
- Surging losses: More than $1.6 million was stolen this week via address poisoning, including 140 ETH misdirected and an $880,000 stablecoin drain. Additional victims lost $80,000 and $62,000.
- Tactic explained: Attackers seed lookalike addresses with tiny transfers so victims copy from poisoned history and send funds to scammers by mistake. ScamSniffer dubs it transaction history poisoning.
- Defense and related risks: Avoid copying from history, use address books or whitelists, and verify the full address string before sending any funds. At least $600,000 also vanished after users signed malicious approvals.
Address poisoning scams are surging across crypto wallets, with more than $1.6 million stolen this week, according to alerts from ScamSniffer. One victim sent 140 Ether, about $636,500, to a lookalike address seeded in their history. Another case drained roughly $880,000 in stablecoins, while others lost $80,000 and $62,000. The wave already eclipses March’s $1.2 million total, and investigators warn the tactic is accelerating.
🚨💔 1 hour ago, a victim lost 140 ETH ($636,559) after copying the wrong address from contaminated transfer history. pic.twitter.com/iFuzpjup98
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) August 15, 2025
How address poisoning works
Attackers send tiny transactions from accounts crafted to resemble legitimate destinations, making the phony address appear in a wallet’s recent activity. When users later copy from history, the lookalike can be pasted by mistake, and funds go to the scammer. ScamSniffer calls this “transaction history poisoning,” noting the 140 ETH victim had a history filled with poison entries that primed the copy-paste error.
This week’s damage tally
Expert’s review of cybersecurity alerts shows losses topping $1.6 million since Sunday. That includes the 140 ETH misdirected on Friday, roughly $880,000 siphoned in a separate address poisoning scheme on Sunday, and additional five-figure thefts. The pace eclipses March, when about $1.2 million was lost to the technique in total, underscoring how quickly poisoners can scale once a wallet’s history is contaminated.
Phishing signatures compound the risk
In parallel, scammers harvested at least $600,000 this week by tricking users into signing malicious approvals like approve, increaseAllowance, and permit. In one case on Tuesday, a victim lost about $165,000 worth of BLOCK and DOLO tokens after authorizing harmful signatures. While distinct from address poisoning, these tactics often coexist in the same hunting grounds, exposing inattentive signers and hurried treasurers to outsized losses.
Practical defenses to deploy now
Security teams advise never copying from transaction history and instead relying on an address book or whitelist with verified entries. Always check the full address string, not just a few leading and trailing characters, before sending. For treasuries and power users, label counterparties that require dual review for large transfers, and treat any unexpected “test” deposit as a red flag designed to seed your history.
