How an address poisoning attack works
- Target selection. The attacker watches on-chain activity for wallets that recently received or sent funds — often an exchange withdrawal, a DEX trade, or a recurring payment.
- Vanity-address generation. They grind a new address with a specific prefix and suffix that match one of your known counterparties. An address like 0xAbC1...f872 gets paired with a look-alike 0xAbC1...f872 that differs only in the middle characters you never read.
- Dust transaction. The attacker sends a tiny amount (often 0 tokens or $0.01) from their vanity address to your wallet. This makes the poisoned address appear in your wallet history alongside the legitimate counterparty.
- The trap. When you next want to send funds to the real counterparty, you open your history, copy “the same address you used last time” — but now there are two addresses that look identical at the start and end. You pick the wrong one.
- The send. Funds go to the attacker. Transaction is irreversible.
Why it works
Wallet UIs truncate addresses for readability. MetaMask, Phantom, and exchange UIs all show 0xAbC1...f872 instead of the full 42-character string. The attacker only has to match the visible characters. Human pattern-matching does the rest — you see the same truncated display twice and assume it’s the same address.
Sophisticated variants:
- Ethereum zero-value transfer with fake event. An attacker can emit a Transfer event in a contract that falsely shows funds moving from your address to their look-alike, making the poisoned address appear in your history as if you sent to it.
- Stablecoin dust. Sending $0.01 USDC is low-cost and makes the poisoned address show up at the top of your stablecoin history.
- Targeting whales after large withdrawals. Mempool scanners identify big exchange withdrawals within seconds, generate a matching vanity address, and poison before the user makes their next transfer.
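The following is an added example, not code from the original article: a history scanner that applies the observations above from the defender's side. It flags entries whose address renders identically to a genuine counterparty under the usual 6 + 4 truncation, zero-value entries (the faked Transfer-event variant), and dust-sized transfers. All addresses, transaction hashes and amounts are constructed sample data; amounts are strings in token base units, so for USDC (6 decimals) "10000" is $0.01.

```javascript
// Added example, not code from the original article: scan a wallet's transfer
// history for address-poisoning candidates. All addresses, hashes and amounts
// below are constructed sample data. Amounts are strings in token base units
// (USDC has 6 decimals, so "10000" is $0.01).

const ME = "0x1111111111111111111111111111111111111111";
// The real counterparty and a look-alike sharing its first 6 and last 4 characters.
const REAL = "0xAbC1" + "00000000000000000000000000000000" + "f872";
const LOOKALIKE = "0xabc1" + "deadbeefdeadbeefdeadbeefdeadbeef" + "f872";
const OTHER = "0x2222222222222222222222222222222222222222";

const SAMPLE_HISTORY = [
  { hash: "0xh1", from: ME, to: REAL, value: "5000000000", token: "USDC" }, // genuine $5,000 send
  { hash: "0xh2", from: LOOKALIKE, to: ME, value: "10000", token: "USDC" }, // $0.01 dust from the look-alike
  { hash: "0xh3", from: ME, to: LOOKALIKE, value: "0", token: "USDC" },     // zero-value "send" the user never signed
  { hash: "0xh4", from: OTHER, to: ME, value: "100000000", token: "USDC" }, // unrelated $100 inbound
];

const normalize = (addr) => addr.trim().toLowerCase();

// The 6 + 4 rendering most wallet UIs use.
const truncate = (addr) => addr.slice(0, 6) + "..." + addr.slice(-4);

// True when two different addresses render identically once truncated.
function collidesUnderTruncation(a, b) {
  const x = normalize(a);
  const y = normalize(b);
  return x !== y && truncate(x) === truncate(y);
}

// Returns one finding per suspicious history entry, with the reasons it was flagged.
function findPoisonCandidates(history, me, dustThreshold = 10000n) {
  const self = normalize(me);
  // Baseline: addresses the user has genuinely sent non-zero value to.
  const knownCounterparties = new Set();
  for (const tx of history) {
    if (normalize(tx.from) === self && BigInt(tx.value) > 0n) {
      knownCounterparties.add(normalize(tx.to));
    }
  }
  const findings = [];
  for (const tx of history) {
    const counterparty = normalize(tx.from) === self ? normalize(tx.to) : normalize(tx.from);
    const value = BigInt(tx.value);
    const reasons = [];
    for (const known of knownCounterparties) {
      if (collidesUnderTruncation(counterparty, known)) {
        reasons.push(`renders like known counterparty ${known}`);
      }
    }
    if (value === 0n) reasons.push("zero-value transfer (may be a faked Transfer event)");
    else if (value <= dustThreshold) reasons.push("dust-sized transfer");
    if (reasons.length > 0) findings.push({ hash: tx.hash, counterparty, reasons });
  }
  return findings;
}

// Example run over the constructed history: flags 0xh2 and 0xh3, leaves 0xh1 and 0xh4 alone.
console.log(findPoisonCandidates(SAMPLE_HISTORY, ME));
```

The baseline of "known counterparties" is built only from outgoing transfers with non-zero value, so a zero-value entry that claims you sent to the look-alike never becomes trusted; the dust threshold is a parameter because "dust" is token-specific.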
How to defend against it
- Never copy addresses from transaction history. Always pull from your address book, a hardware wallet confirmation, or the counterparty’s verified channel.
- Verify the full address, not just the visible characters. Read at least 8 characters at each end, plus at least 4-6 in the middle. Hardware wallets display the full string for a reason.
- Use a hardware wallet for meaningful transfers. The device forces you to see the full destination before signing.
- Treat any dust transaction as suspicious. Don’t interact with dust-sent tokens — they can carry malicious contract logic as well as being poisoning attempts.
- Name your counterparties. Wallets like Rabby, Zerion, and Frame let you label addresses. A labeled address book is your single source of truth, not the transaction history.
- Check the first send to any new counterparty in both directions. Send a tiny amount first, confirm receipt through a side channel, then send the full amount.
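The defenses above amount to one rule: the address book, not the history, decides where funds go, and the full string is what gets compared. The following is an added example, not code from the original article, of a pre-send check that enforces that rule. It accepts a destination only on an exact match with a labeled entry, reports a look-alike when only the visible prefix and suffix match, and renders 8 characters at each end plus 6 from the middle for manual verification. The address-book entries are constructed sample data.

```javascript
// Added example, not code from the original article: check a destination
// address against a labeled address book before sending. The address book
// entries are constructed sample data; the verification rendering follows the
// article's advice (8 characters at each end plus 6 from the middle).

const ADDRESS_BOOK = [
  { label: "Exchange deposit", address: "0xAbC1" + "00000000000000000000000000000000" + "f872" },
  { label: "Payroll contractor", address: "0x3333333333333333333333333333333333333333" },
];

const normalize = (addr) => addr.trim().toLowerCase();

// Syntactic check only: 0x followed by 40 hex characters.
const isEvmAddress = (addr) => /^0x[0-9a-fA-F]{40}$/.test(addr.trim());

// Show enough of the string that a look-alike cannot hide in the unread middle.
function verificationView(addr) {
  const a = addr.trim();
  const midStart = Math.floor((a.length - 6) / 2);
  return `${a.slice(0, 8)} [${a.slice(midStart, midStart + 6)}] ${a.slice(-8)}`;
}

// Verdicts: "ok" (exact address-book match), "lookalike" (same visible prefix and
// suffix as an entry but a different full string), "unknown", or "invalid".
function checkDestination(book, dest) {
  if (!isEvmAddress(dest)) return { verdict: "invalid" };
  const d = normalize(dest);
  const exact = book.find((e) => normalize(e.address) === d);
  if (exact) return { verdict: "ok", label: exact.label };
  // Entries that would render identically under the usual 6 + 4 truncation.
  const near = book.filter((e) => {
    const k = normalize(e.address);
    return k.slice(0, 6) === d.slice(0, 6) && k.slice(-4) === d.slice(-4);
  });
  if (near.length > 0) {
    return { verdict: "lookalike", resembles: near.map((e) => e.label), view: verificationView(dest) };
  }
  return { verdict: "unknown", view: verificationView(dest) };
}

// Example: a look-alike of the "Exchange deposit" entry is refused and shown in the verification view.
console.log(checkDestination(ADDRESS_BOOK, "0xabc1deadbeefdeadbeefdeadbeefdeadbeeff872"));
```

A wallet integration would refuse to build the transaction on anything but "ok", and would treat "lookalike" as a hard stop rather than a warning, since that verdict is exactly the poisoning pattern.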
Risks and considerations
Address poisoning scales well because it’s cheap for the attacker — one dust transaction costs cents but the payoff can be six or seven figures from a single mistake. Losses are effectively permanent; chain analytics can trace the funds but recovery depends on the attacker cashing out through a KYC-ed venue, which sophisticated operators avoid. The attack class is growing faster than other drainer categories because it requires no malicious dApp, no signature, no seed-phrase leak — just a cognitive slip. Hardware-wallet display hygiene plus a well-maintained address book are the only reliable defenses.