In the world of cryptocurrency, where transactions are irreversible, errors can cost a fortune. Recently, on December 2, 2025, a user lost over $1.1 million in the USDT stablecoin, falling victim to a sophisticated attack known as "address poisoning". The incident quickly spread across social media, including the X platform (formerly Twitter), where users shared warnings and analyses. Let us take a closer look at this incident, the attack mechanism, and how to avoid similar pitfalls.
What happened exactly?
According to the information provided by the @web3_avirus account on the X platform, the attack began with a small "dust" transaction of only USD 0.0015. The scammer sent this symbolic amount to the victim's wallet to plant a fake address in the transaction history. Just eight minutes later, the victim – probably copying the address from history instead of verifying it manually – sent $1,099,516.02 USDT (equivalent to about $1.1 million) to the impostor's account.
The transaction was recorded on the Ethereum blockchain. The recipient of the USDT tokens turned out to be a fake wallet: 0xec6d9b6bf7a9b2e1d74. Importantly, the fake address was intentionally designed to resemble the real one – with similar initial and final characters, which makes the difference easy to miss on a quick check.
A post on X by @kkashi_yt illustrated the difference between the addresses, highlighting how easy it is to make a mistake. The user lost the funds within minutes, and the return on investment (ROI) for the scammer was an astronomical 733,000x – all thanks to the clever use of psychology and blockchain mechanisms.
What is address poisoning?
Address poisoning is a kind of cryptocurrency fraud in which the attacker creates a wallet address similar to the victim's own address or to that of one of the victim's frequent counterparties. The scammer monitors the victim's transactions and then generates an address with identical initial and final characters (e.g. first 4-5 and last 4-5 characters). The scammer then sends a small, inconspicuous transaction (a so-called dust tx) that appears in the history of the victim's wallet.
When the victim wants to send funds, they often copy the address from the transaction history instead of entering it manually. If they do not check the entire string of characters, they can copy the fake address and transfer funds directly to the scammer. These attacks are particularly common on blockchains such as Ethereum or TRON, where transactions are public and easy to track. Unlike phishing, address poisoning does not require interaction with fake pages – the user's inattention is enough.
Research shows that such attacks are becoming more frequent, especially in periods of cryptocurrency market growth when users are operating under time pressure. Companies like Chainalysis or Trezor regularly warn against them, stressing that the key to security is to verify the full address.
How to Avoid Address Poisoning?
To avoid falling victim to a similar attack, it is worth following some simple rules:
- Always verify the full address: Do not rely on abbreviated addresses – check the entire string of characters before sending funds.
- Use security tools: Browser extensions such as Web3 Antivirus or hardware wallets (e.g. Trezor, Ledger and others) can detect suspicious transactions and addresses.
- Send test transactions: Before transferring a large amount, send a small sum and confirm that it has arrived.
- Avoid copying from history: Always enter the address manually or use trusted bookmarks.
- Educate yourself: Follow reliable sources to stay up to date with new threats.
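The full-address rule and the dust-in-history pattern described above can be checked mechanically. The following is an added example, not code from the original article or from any wallet vendor. The addresses are constructed, and the address-book label, the 4-character match width and the 1 USD dust threshold are assumptions.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Constructed sample addresses (not real wallets): same first 4 / last 4 hex chars.
REAL = "0xab12" + "0" * 32 + "9f3c"
FAKE = "0xab12" + "7" * 32 + "9f3c"
OTHER = "0x" + "1" * 40
BOOK = {"exchange-deposit": REAL}  # hypothetical trusted address book


def normalize(addr):
    """Validate the 20-byte hex shape and lower-case it (EIP-55 checksum not verified)."""
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not a full Ethereum address: {addr!r}")
    return addr.lower()


def classify(dest, book, n=4):
    """Return ("trusted" | "lookalike" | "unknown", label) for dest against the book."""
    d = normalize(dest)
    hit = None
    for label, addr in book.items():
        t = normalize(addr)
        if t == d:
            return ("trusted", label)
        # Same first n and last n hex characters, but a different middle.
        if t[2:2 + n] == d[2:2 + n] and t[-n:] == d[-n:]:
            hit = label
    return ("lookalike", hit) if hit else ("unknown", None)


def poisoned_entries(history, book, dust_usd=1.0):
    """List incoming transfers below dust_usd whose sender imitates a trusted address."""
    return [tx for tx in history
            if tx["direction"] == "in" and tx["usd"] < dust_usd
            and classify(tx["counterparty"], book)[0] == "lookalike"]


# Constructed wallet history: one real payment, one dust transfer from the lookalike.
HISTORY = [
    {"direction": "out", "counterparty": REAL, "usd": 250.0},
    {"direction": "in", "counterparty": FAKE, "usd": 0.0015},
    {"direction": "in", "counterparty": OTHER, "usd": 0.5},
]

if __name__ == "__main__":
    print(classify(FAKE, BOOK))
    print(poisoned_entries(HISTORY, BOOK))
```

A destination classified as "lookalike" should block the transfer until the full string has been compared against the trusted entry; "unknown" only means the address is not in the book, not that it is safe.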
In the era of cryptocurrencies, security depends primarily on the user. This incident is a painful reminder that haste and inattention can cost millions. If you make cryptocurrency transactions, remember: it is better to check twice than to regret once.





