Introduction
A staggering sum of $62 million in cryptocurrency has been lost due to two separate incidents of address copying errors that occurred between December and January, highlighting the alarming vulnerabilities present in routine wallet practices among Ethereum users.
Details of the Incidents
In a report released by ScamSniffer on February 8, the firm revealed that a user fell victim to a counterfeit wallet address that he unwittingly copied from his transaction history, resulting in a $50 million loss in December 2025. This was soon followed by the theft of approximately $12.25 million (around 4,556 ETH at the time) in January 2026, also due to a similar mistake involving an address that closely resembled a legitimate one.
Address Poisoning and Its Implications
These instances reflect a growing trend of what is known as “address poisoning,” where malicious actors create fake wallet addresses that mimic real addresses. Such operations exploit the common behavior of users who tend to copy and paste addresses without thoroughly verifying them. Attackers monitor the blockchain for active transactions, subsequently flooding the network with tiny transactions—often referred to as “dust”—to embed these deceptive addresses into the transaction histories of potential victims.
Signature Phishing Surge
The fallout from these scams is compounded by another form of digital deception called signature phishing, which has seen a dramatic surge. In January, losses attributed to this type of scam reached $6.27 million, impacting over 4,700 victims, marking a staggering 207% increase from the previous month. High-profile thefts included $3.02 million taken from SLVon and XAUt tokens through manipulated transaction permissions, and $1.08 million from aEthLBTC using similar schemes.
Impact of Ethereum’s Fusaka Upgrade
As transaction fees on Ethereum fell following its Fusaka upgrade in late 2025, the cost barrier for executing such attacks diminished significantly, allowing criminals to launch extensive operations more efficiently. Researchers are now witnessing millions of dust transactions being processed daily, many of which aim solely to prime the ground for future thefts. This uptick has distorted the network’s activity metrics, muddling genuine user engagement with malicious interactions.
Criminal Coordination and User Behavior
The coordinated efforts of established criminal factions have been connected to these address poisoning campaigns, which efficiently reuse infrastructure across numerous wallets. Security analysts note that these attacks are not the result of user negligence in the traditional sense, but rather the outcome of predictable behaviors developed over time. One expert highlighted that many victims were simply following habits honed through countless previous transactions.
Preventative Measures
To combat these rising threats, ScamSniffer and other cybersecurity advocates are emphasizing precautionary measures: users should refrain from copying wallet addresses directly from transaction histories, verify the authenticity of full wallet strings manually, and utilize saved contacts for frequent exchanges. Given the current landscape, where low transaction costs and automation are on the rise, analysts anticipate that both address poisoning and signature phishing will remain pervasive challenges for crypto users moving forward, unless new safeguards and user practices are universally adopted.
