Overview

Address poisoning is a social engineering attack where attackers send small transactions from addresses that look similar to ones you’ve previously interacted with. The goal is to trick you into copying the wrong address when making future transfers.
Address poisoning has caused millions in losses. Always verify the full address, not just the first and last few characters.

How It Works

  1. Monitoring: Attacker watches your transaction history
  2. Address Generation: Creates address with similar start/end characters
  3. Poisoning: Sends tiny transaction (dust) to your wallet
  4. Deception: Fake address appears in your transaction history
  5. Theft: Victim copies poisoned address for next transfer

Example Attack

Your regular recipient:
0x1234...abcd
Poisoned address (looks similar):
0x1234...abce
The attacker generates an address matching the first 4 and last 4 characters, hoping you’ll copy from history without verifying the full address.

Detection Indicators

Tag | Severity | Description
address_poisoning | High | Address involved in poisoning attacks

Why It’s Effective

  • Transaction history UI: Most wallets show truncated addresses
  • Copy habits: Users often copy from recent transactions
  • Similar appearance: Human eyes struggle with hex comparison
  • Low cost: Generating similar addresses is computationally cheap

Vulnerable Scenarios

High Risk

  • Copying addresses from transaction history
  • Using auto-complete in wallet apps
  • Sending large transfers without verification

Lower Risk

  • Using saved address book entries
  • Scanning QR codes directly
  • Verifying full addresses character by character

API Example

# Check if an address has been involved in poisoning
curl -X GET "https://api.webacy.com/addresses/0x123.../poisoning?chain=eth" \
  -H "x-api-key: YOUR_API_KEY"
Response example:
{
  "poisoning_detected": true,
  "status": "success",
  "summary": {
    "total_suspicious": 1,
    "high_risk_count": 1
  },
  "suspicious_transactions": [
    {
      "from": "0x1234567890abcdef1234567890abcdef12345678",
      "to": "0x2e5df068f6cF3A1A3e0A70951c685021CB2954C0",
      "tx_hash": "0x79e7b0a45a73b86fe51882d2553355e15bda7bebb6c3e222c09d8fd2f43aa076",
      "similar_to": "0x1234567890abcdef1234567890abcdef12345679",
      "similarity": 0.95,
      "levenshtein": 2,
      "suspicion_score": 0.85,
      "token_name": "USDT",
      "value": "0"
    }
  ]
}

Protection Strategies

  1. Verify full addresses - Check every character, not just start/end
  2. Use address books - Save verified addresses in your wallet
  3. Double-check large transfers - Extra verification for significant amounts
  4. Ignore dust transactions - Don’t interact with unexpected small deposits
  5. Use QR codes - When available, scan rather than copy/paste
  6. Enable address validation - Some wallets can warn about similar addresses

Wallet Best Practices

// Never trust truncated addresses
const isSameAddress = (addr1, addr2) => {
  // Always compare full addresses, case-insensitive
  return addr1.toLowerCase() === addr2.toLowerCase();
};

// Bad: Only checking first/last characters
// A poisoned address is generated to pass exactly this kind of comparison.
const badCheck = (addr, saved) => addr.slice(0, 6) === saved.slice(0, 6); // DON'T DO THIS
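
The following pre-send check is an added example, not Webacy's code or part of the original page. It compares a destination against a saved address book using full addresses, and flags one that shares its start or end with a saved entry without being identical. The function names, the `minShared` threshold of 4 and the address book are assumptions; two sample addresses come from the response example above and one is constructed.

```javascript
// Added example, not part of the original page. Assumptions: EVM-style
// addresses (0x + 40 hex digits) and a 4-character threshold, roughly what
// a truncated wallet UI shows at each end.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Reject truncated or malformed input instead of comparing it.
function normalize(addr) {
  if (typeof addr !== "string" || !ADDRESS_RE.test(addr.trim())) {
    throw new TypeError(`not a full address: ${String(addr)}`);
  }
  return addr.trim().toLowerCase().slice(2); // hex body without "0x"
}

// Count matching characters from the start and from the end.
function sharedEnds(a, b) {
  const n = a.length;
  let prefix = 0;
  while (prefix < n && a[prefix] === b[prefix]) prefix++;
  let suffix = 0;
  while (suffix < n && a[n - 1 - suffix] === b[n - 1 - suffix]) suffix++;
  return { prefix, suffix };
}

// verdict: "trusted" (exact match with a saved entry), "lookalike" (differs
// from a saved entry but shares its start or end), or "unknown".
function checkDestination(candidate, addressBook, minShared = 4) {
  const cand = normalize(candidate);
  let imitates = null;
  for (const saved of addressBook) {
    const known = normalize(saved);
    if (known === cand) return { verdict: "trusted", imitates: null };
    const { prefix, suffix } = sharedEnds(cand, known);
    if (prefix >= minShared || suffix >= minShared) imitates = saved;
  }
  return { verdict: imitates ? "lookalike" : "unknown", imitates };
}

// Sample data: the saved entry and FROM_RESPONSE are the "similar_to" and
// "from" values of the response example; CONSTRUCTED is made up here.
const BOOK = ["0x1234567890abcdef1234567890abcdef12345679"];
const FROM_RESPONSE = "0x1234567890abcdef1234567890abcdef12345678";
const CONSTRUCTED = "0x1234" + "a".repeat(32) + "5679";

console.log(checkDestination(FROM_RESPONSE, BOOK));
console.log(checkDestination(CONSTRUCTED, BOOK));
console.log(checkDestination(BOOK[0].toUpperCase().replace("0X", "0x"), BOOK));
```

A "lookalike" verdict should block the transfer until the user confirms the full address; "unknown" only means no saved entry resembles the destination.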