Transaction Poisoning

Transaction poisoning is a malicious deception technique where attackers craft look-alike transactions in or around a victim’s activity record to induce copying the wrong recipient later. It overlaps with address poisoning but focuses on mimicking amounts, timing, and metadata to create a convincing “trail.”

Adversaries monitor mempools and public histories, then broadcast small transactions that mirror legitimate ones (token, value, sometimes gas pattern) while swapping in their own address.

By shaping ordering or timing, they aim to place the spoof where users commonly copy from. When the victim reuses that “familiar” address, funds are irretrievably sent to the attacker.

• Confirm recipients from original sources (contact book, verified profile, signed message).
• Avoid copying addresses from explorer histories or old transactions.
• Check multiple characters across the entire address, not just the prefix/suffix.
• Maintain signed allowlists for recurring payees where feasible.
• Use a real-time Web3 security tool like Kerberus to detect malicious behavior before it impacts your pocket