Skip to main content

Overview

Address poisoning is a social engineering attack where attackers send small transactions from addresses that look similar to ones you’ve previously interacted with. The goal is to trick you into copying the wrong address when making future transfers.
Address poisoning has caused millions in losses. Always verify the full address, not just the first and last few characters.

How It Works

  1. Monitoring: Attacker watches your transaction history
  2. Address Generation: Creates address with similar start/end characters
  3. Poisoning: Sends tiny transaction (dust) to your wallet
  4. Deception: Fake address appears in your transaction history
  5. Theft: Victim copies poisoned address for next transfer

Example Attack

Your regular recipient:
Poisoned address (looks similar):
The attacker generates an address matching the first 4 and last 4 characters, hoping you’ll copy from history without verifying the full address.

Detection Indicators

Why It’s Effective

  • Transaction history UI: Most wallets show truncated addresses
  • Copy habits: Users often copy from recent transactions
  • Similar appearance: Human eyes struggle with hex comparison
  • Low cost: Generating similar addresses is computationally cheap

Vulnerable Scenarios

High Risk

  • Copying addresses from transaction history
  • Using auto-complete in wallet apps
  • Sending large transfers without verification

Lower Risk

  • Using saved address book entries
  • Scanning QR codes directly
  • Verifying full addresses character by character

API Example

Response example:

Protection Strategies

  1. Verify full addresses - Check every character, not just start/end
  2. Use address books - Save verified addresses in your wallet
  3. Double-check large transfers - Extra verification for significant amounts
  4. Ignore dust transactions - Don’t interact with unexpected small deposits
  5. Use QR codes - When available, scan rather than copy/paste
  6. Enable address validation - Some wallets can warn about similar addresses

Wallet Best Practices