In a troubling trend for Ethereum users, two individuals recently lost a staggering total of nearly $1 million to a scam known as address poisoning. The first victim suffered a loss of approximately $600,000 on Tuesday morning, while another user lost over $350,000 just days prior.
The recent incidents highlight the risks associated with address poisoning, a tactic wherein scammers send multiple spam transactions to a genuine user following a legitimate transfer. The goal is to confuse the user into mistakenly copying a malicious, look-alike address for future transactions. This tactic can involve fake versions of popular token tickers or small amounts of genuine assets.
In the case of the $600,000 loss, the victim had initially sent a modest $12 to the correct address. Shortly thereafter, the wallet was inundated with transactions from a similar-looking address, which ultimately led to the significant financial loss. The user neglected to verify the complete wallet address, a common but critical oversight.
SpecterAnalyst, an on-chain investigator, urged the crypto community to “always verify the entire wallet address” to avoid such costly mistakes. They noted that the recent increase in address poisoning incidents correlates with Ethereum”s Fusaka upgrade, which reduced transaction fees and spurred a surge in newly created addresses.
Last week”s incident involved a user who lost over $350,000 despite conducting a test transaction to the scammer”s spoofed address. Unfortunately, the test funds were not properly confirmed before the main transfer was executed, emphasizing how routine actions can lead to significant errors if proper caution is not exercised.
Experts like Barabazs.eth and Ump.eth from the Ethereum Foundation have proposed solutions to mitigate these risks. One suggested tool allows for visually truncated addresses while keeping the full text searchable, enabling users to double-check before executing transactions.
While technological solutions are being developed, the safest practice remains utilizing an address book rather than copying addresses from block explorers, which often abbreviate lengthy wallet addresses.
The continuing rise in address poisoning incidents serves as a stark reminder for all cryptocurrency users to remain vigilant and verify every detail when transferring digital assets.
