Address Poisoning

Learn what address poisoning is, how attackers use lookalike addresses to scam Web3 users, and how to protect yourself from this social engineering attack.

by Werner Vermaak
Expert Verified
November 1, 2024 • 1 minute read

Address poisoning is a social engineering tactic where attackers insert a deceptive, look-alike address into a victim’s wallet history so it’s later copied by mistake. The attacker typically sends a dust-value transfer from an address that shares the same leading and trailing characters as a legitimate contact.

Real-world example: In May 2024, a crypto whale lost $68 million in WBTC through an address poisoning attack. The victim later recovered funds through negotiations.

The attacker created a lookalike address starting with “0xd9A1c” to mimic the victim’s intended recipient “0xd9A1b.”

Wallet interfaces and explorers often show truncated addresses. By placing a near-match entry in “recent activity,” attackers exploit habits like copy-pasting from history rather than verifying the destination against its original source. A transfer to the poisoned address cannot be reversed once it is confirmed on-chain. The scheme targets user behavior and UI patterns; no protocol breach is required.

  • Use Kerberus and other leading Web3 security tools to detect social engineering tactics before they impact you.
  • Verify the entire destination address (or use saved contacts/ENS where supported).
  • Avoid copying from transaction history; use the original trusted source.
  • Treat unexpected, tiny inbound transfers as suspicious “dust.”
  • Maintain an address book for frequent recipients.
  • Use cold storage like hardware wallets where possible.
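
The full-address check and the dust heuristic from the list above can be automated over a wallet's history. The sketch below is an added example, not Kerberus code or part of the original article: it flags senders that match a saved contact in the characters a truncated view shows but differ as full addresses. The addresses, the four-character display width and the dust threshold are constructed assumptions.

```python
from dataclasses import dataclass

SHOWN = 4  # hex chars a truncated UI shows at each end (assumption)

# Constructed sample addresses, not real accounts.
TRUSTED = "0x52f1" + "ab" * 16 + "9a3e"
LOOKALIKE = "0x52f1" + "cd" * 16 + "9a3e"   # same visible ends, different middle
UNRELATED = "0x77aa" + "ef" * 16 + "0b1c"

@dataclass
class Transfer:
    sender: str      # address as listed in wallet history
    value_wei: int   # amount received

def normalize(addr: str) -> str:
    """Lower-case and strip 0x so checksum casing does not affect comparison."""
    a = addr.lower().removeprefix("0x")
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def visible_ends(addr: str) -> tuple[str, str]:
    """The leading and trailing characters a truncated display would show."""
    a = normalize(addr)
    return a[:SHOWN], a[-SHOWN:]

def flag_poisoning(trusted, history, dust_wei=10**12):
    """Return (sender, mimicked_contact, is_dust) for each history entry that
    matches a trusted contact when truncated but is a different address."""
    contacts = {normalize(t) for t in trusted}
    by_view = {}
    for c in contacts:
        by_view.setdefault(visible_ends(c), []).append(c)
    findings = []
    for tx in history:
        s = normalize(tx.sender)
        if s in contacts:
            continue  # exact match to a saved contact is fine
        for c in sorted(by_view.get(visible_ends(s), [])):
            findings.append(("0x" + s, "0x" + c, tx.value_wei <= dust_wei))
    return findings

HISTORY = [  # constructed inbound transfers
    Transfer(TRUSTED, 2 * 10**18),
    Transfer(LOOKALIKE, 0),
    Transfer(UNRELATED, 10**9),
]

if __name__ == "__main__":
    for sender, contact, dust in flag_poisoning([TRUSTED], HISTORY):
        print(f"{sender} imitates {contact} (dust={dust})")
```

A flagged entry should never be used as a copy source; take the destination from the saved contact or the recipient's original channel instead.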

Written by:

Werner Vermaak

Werner Vermaak is a Web3 author and crypto journalist with a strong interest in cybersecurity, DeFi, and emerging blockchain infrastructure. With more than eight years of industry experience creating over 1000 educational articles for leading Web3 teams, he produces clear, accurate, and actionable organic material for crypto users. His Kerberus articles help readers understand modern Web3 threats, real-world attack patterns, and practical safety practices in an accessible, research-backed way.
