Ethereum Address Poisoning Attack Escalates: After One Transfer, He Received 89 Alert Emails
Ethereum address poisoning attacks have evolved into a highly automated and industrialized threat, as highlighted by a user who received 89 alert emails after just two legitimate stablecoin transfers. Attackers monitor blockchain activity to identify targets, then generate and send fake addresses with similar starting and ending characters to the victim’s transaction history, aiming to trick users into copying the wrong address in future transactions.
A 2025 study revealed that between July 2022 and June 2024, Ethereum saw 17 million poisoning attempts affecting 1.3 million users, causing at least $79.3 million in losses. The problem has intensified since the Fusaka upgrade in December 2025, which reduced transaction fees and enabled attackers to scale poisoning efforts—evidenced by a massive increase in dust transactions (e.g., USDT dust transfers surged 612%).
The core defense remains vigilance: always verify addresses before sending funds. Use tools like Etherscan’s address labels, ENS domains, and address highlighting to distinguish legitimate addresses. Enable wallet whitelisting and heed warnings when copying suspicious addresses. As transactions become cheaper and attacks more frequent, user awareness and improved interface designs are critical to mitigating risks.
marsbit03/13 12:06
