Why Address Poisoning Works Without Stealing Private Keys
Briefly

"Most crypto users believe that their funds stay secure as long as their private keys are protected. However, as a rising number of scams show, this is not always the case. Scammers have been using an insidious tactic, address poisoning, to steal assets without ever accessing the victim's private key. In February 2026, a phishing scheme targeted a Phantom Chat feature."
"Using an address poisoning tactic, attackers successfully drained roughly 3.5 Wrapped Bitcoin (wBTC), worth more than $264,000. In 2025, a victim lost $50 million in Tether's USDt (USDT) after copying a poisoned address. Such incidents have highlighted how poor interface design and everyday user habits can result in massive losses."
"Address poisoning exploits behavior, not private keys. Attackers manipulate transaction history and rely on users mistakenly copying a malicious lookalike address. Cases such as the 50-million-USDT loss in 2025 and the 3.5 wBTC drain in February 2026 demonstrate how simple interface deception can lead to massive financial damage. Copy buttons, visible transaction history and unfiltered dust transfers make poisoned addresses appear trustworthy within wallet interfaces."
Address poisoning is a scam that exploits user behavior: attackers plant deceptive transaction entries so that victims copy malicious lookalike addresses. Attackers send spam or dust transfers to victim addresses or related accounts; wallets display these transfers in transaction histories, alongside copy buttons, which makes the malicious addresses appear legitimate. Notable incidents include a 2025 $50 million USDT loss and a February 2026 3.5 wBTC ($264,000) drain via a Phantom Chat phishing scheme. The tactic succeeds because blockchains are permissionless and wallets typically surface all transactions. Practical defenses include wallet UI safeguards, transaction filtering, address validation, and user education to avoid copying unverified addresses.
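The filtering and address-validation defenses named above can be sketched as wallet-side checks. This is an added example, not code from the article or from any wallet; the dust threshold, the four-character truncation, the function names and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass

DUST_THRESHOLD = 0.01  # assumption: incoming amounts below this count as dust
MATCH_CHARS = 4        # assumption: the wallet UI shows only the first/last 4 characters

@dataclass
class Transfer:
    counterparty: str  # address on the other side of the transfer
    amount: float
    incoming: bool

def _norm(addr):
    """Lower-case and strip the 0x prefix so comparisons ignore checksum casing."""
    a = addr.lower()
    return a[2:] if a.startswith("0x") else a

def looks_like(candidate, trusted, n=MATCH_CHARS):
    """True when two different addresses are identical once truncated to n chars per end."""
    c, t = _norm(candidate), _norm(trusted)
    return c != t and c[:n] == t[:n] and c[-n:] == t[-n:]

def classify(tx, address_book):
    """Label one history entry: 'lookalike', 'dust' or 'show'."""
    if any(looks_like(tx.counterparty, t) for t in address_book):
        return "lookalike"
    known = any(_norm(tx.counterparty) == _norm(t) for t in address_book)
    if tx.incoming and tx.amount < DUST_THRESHOLD and not known:
        return "dust"
    return "show"

def visible_history(history, address_book):
    """Entries the UI may list with a copy button."""
    return [tx for tx in history if classify(tx, address_book) == "show"]

def check_before_send(dest, address_book):
    """Gate a pasted destination: 'ok', 'block' (lookalike) or 'unverified'."""
    if any(_norm(dest) == _norm(t) for t in address_book):
        return "ok"
    if any(looks_like(dest, t) for t in address_book):
        return "block"
    return "unverified"

# Constructed sample data (not real addresses).
TRUSTED = "0x" + "a1b2" + "0" * 32 + "c3d4"
LOOKALIKE = "0x" + "a1b2" + "f" * 32 + "c3d4"
OTHER = "0x" + "9" * 40
HISTORY = [Transfer(TRUSTED, 1200.0, False), Transfer(LOOKALIKE, 0.0, True),
           Transfer(OTHER, 0.001, True), Transfer(OTHER, 50.0, True)]
```

Comparing the full address against the address book, rather than the truncated form shown on screen, is what separates the trusted entry from the lookalike here.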
Read at Cointelegraph