In a world of cryptocurrency, where transactions are irreversible, errors can cost a fortune. Recently, on December 2, 2025, a user lost over $1.1 million in the US$T stablecoin, falling victim to a sophisticated attack known as "address poisoning". This incident quickly revolved around social media, including the X platform (formerly Twitter), where users shared warnings and analyses. Let us take a closer look at this incident, the attack mechanism, and how to avoid similar pitfalls.
What happened exactly?
According to the information provided by the @web3_avirus account on the X platform,The attack began with a small "dust" transaction of only USD 0.0015. Scammer sent this symbolic amount to the victim's wallet to enter a false address into the transaction history.Just eight minutes later, the victim – probably copying the address from history instead of verifying it manually – sent $1,099,516.02 USDT (equivalent to about $1.1 million) to the impostor's account.
Transakcja została zarejestrowana na blockchainie Ethereum. Odbiorcą tokenów USDT okazał się fałszywy portfel: 0xec6d9b6bf7a9b2e1d74. Importantly, the false address was intentionally designed to resemble the real one – with similar initial and final characters, which makes it easier for you to check quickly.
Post on X by @kkashi_yt illustrated the difference between the addresses, highlighting how easy it is to make a mistake.User lost funds in minutesand the return on investment (ROI) for the scammer was astronomical 733,000x – all thanks to the clever use of psychology and blockchain mechanisms.
What is address poisoning?
Address poisoning, also known as "address poisoning", is a kind of cryptocurrency fraud in which the attacker creates a wallet address similar to the victim's address or its frequent counterparties. Scammer monitors the victim's transactions and then generates an address with identical initial and final characters (e.g. first 4-5 and last 4-5 characters). He then sends a small, inconspicuous transaction (so-called dust tx) that appears in the history of the victim's wallet.
When the victim wants to send funds, he often copies the address from the transaction history instead of introducing it manually. If you do not check the entire string of characters, you can copy the false address and transfer funds directly to the scammer.These attacks are particularly common on blockchains such as Ethereum or TRON, where transactions are public and easy to track. Unlike phishing, address poisoning does not require interaction with fake pages – it is enough to ignore the user.
Research shows that such attacks are becoming more frequent, especially in periods of cryptocurrency market growth when users are operating under time pressure. Companies like Chainalysis or Trezor regularly warn against them, stressing that the key to security is to verify the full address.
How to Avoid Address Poisoning?
To avoid falling victim to a similar attack, it is worth following some simple rules:
- Always verify full address: Do not rely on shortcuts – check the entire string of characters before sending funds.
- Use security tools: Browser extensions like Web3 Antivirus or hardware wallets (e.g. Trezor, Ledger and others) can detect suspicious transactions and addresses.
- Send Test Transactions: Before transferring a large amount, send a small sum and confirm its reaching.
- Avoid copying from history: Always enter the address manually or use trusted bookmarks.
- Educate: Follow reliable sources to keep up with new threats.
In the cryptocurrency era, security depends primarily on the user. This incident is a painful reminder that haste and carelessness can cost millions. If you do cryptocurrency transactions, remember: better double-check than regret once.
