Crypto Alert: 2 Victims Lose Over $60M In Address Poisoning Scam

bitcoinistPublicado em 2026-02-09Última atualização em 2026-02-09

Resumo

Cryptocurrency users are facing significant losses due to address poisoning scams, where attackers send tiny "dust" transactions from lookalike addresses. When users copy what appears to be a familiar address, they instead send funds to a fraudulent account. In January, one victim lost $12.25 million, following a $50 million loss in December. Additionally, signature phishing is rising sharply, with $6.27 million stolen from 4,741 victims in January—a 207% increase from the previous month. These scams trick users into approving malicious smart contracts. Analysts report approximately 270 million poisoning attempts across Ethereum and Binance Smart Chain, targeting 17 million addresses. Over 6,633 confirmed theft cases have resulted in more than $83.8 million in losses. The Fusaka upgrade on Ethereum, which reduced transaction fees, has made it cheaper for scammers to execute these attacks. Stablecoins like DAI are often used to move illicit funds due to a lack of cooperation with freezing mechanisms.

A simple slip of the fingers has turned into huge losses for some crypto users. One wallet lost over $12 million in January after copying the wrong address, and similar high-value mistakes were seen in December.

Reports say attackers are using tiny deposits and subtle address tweaks to trick people into sending funds to accounts they do not control.

How Copying Mistakes Turn Costly

Address lookalikes are the trick. Attackers send tiny “dust” transfers from addresses that mimic ones in a user’s history so that when someone copies an address they get the wrong string.

According to Scam Sniffer, that single mistake cost one user $12.2 million in January and followed a $50 million hit in December.

The tactic relies on people trusting what appears familiar; it works because most wallets show only the first and last few characters, and the middle can be swapped for a malicious match.

Signature Phishing Is Growing Too

Signature scams lure users into approving dangerous contract calls or broad token approvals. Reports say $6.27 million was stolen from 4,741 victims in January, a 207% rise from December.

Two wallets took the lion’s share — accounting for 65% of those signature phishing losses. Attackers increasingly mix both tricks: small deposits to get attention, followed by social engineering that convinces someone to sign a transaction.

Scale And Automation

This is not limited to a few isolated scams. Based on reports from several trackers, roughly 270 million poisoning attempts have been recorded across Ethereum and Binance Smart Chain, targeting around 17 million addresses.

Total crypto market cap at $2.35 trillion on the daily chart: TradingView

Confirmed cases leading to actual theft number about 6,633, but the confirmed loss figure already tops $83.8 million. One campaign alone created 82,030 lookalike wallets, and in September 2025 there were about 32,290 suspicious poisoning events hitting 6,516 unique victims.

The numbers show a picture of automated scripts and high-volume tactics designed to find and exploit simple human errors.

Image: Chainalysis

Why Ethereum Has Seen More Dust Activity

Analysts link part of the recent surge to the Fusaka upgrade, which lowered the cost of sending tiny transactions. Coin Metrics analyzed over 227 million stablecoin balance updates on Ethereum from November 2025 through January 2026 and found that 38% of those updates were under a single penny.

Stablecoin-related dust now makes up an estimated 11% of Ethereum transactions and touches 26% of active addresses on an average day. Lower fees make these spray-and-pray tactics cheap and efficient.

Where Stolen Funds End Up

Blockchain intelligence teams have tracked flows and noticed patterns. Whitestream reports that DAI has become a favored place to park illicit proceeds because its protocol governance does not cooperate with authorities to freeze wallets.

Web3 Antivirus has cataloged a range of large poisonings, with tracked losses spanning from $4 million to $126 million in some incidents. Once funds move through these paths they are often hard to recover.

Featured image from Arek Socha/Pixabay, chart from TradingView

Perguntas relacionadas

QWhat is an address poisoning scam in the context of cryptocurrency?

AAn address poisoning scam is a tactic where attackers send tiny 'dust' transfers from addresses that mimic ones in a user's transaction history. This tricks the user into copying the wrong, malicious address when they intend to send funds, resulting in the loss of their cryptocurrency.

QHow much did a single user lose in January due to copying the wrong address, and what was the larger loss reported in December?

AIn January, a single user lost $12.2 million by copying the wrong address. This followed a larger loss of $50 million from a similar mistake in December.

QBesides address poisoning, what other type of attack saw a significant increase in January, and by what percentage did it grow?

ASignature phishing attacks also saw a significant increase. $6.27 million was stolen from 4,741 victims in January, representing a 207% rise from December.

QWhat technical upgrade on the Ethereum network is linked to the recent surge in dusting activity for these scams?

AThe Fusaka upgrade on the Ethereum network is linked to the surge in dusting activity because it lowered the cost of sending tiny transactions, making these spray-and-pray tactics cheap and efficient for attackers.

QAccording to the article, which stablecoin has become a favored place for attackers to park illicit proceeds and why?

ADAI has become a favored place for attackers to park illicit proceeds because its protocol governance does not cooperate with authorities to freeze wallets, making it harder to recover stolen funds.

Leituras Relacionadas

Chip Stocks Hit Record Highs Since 2000, SaaS Stocks Fall to Yearly Lows: Two Worlds Under the AI Divide

The article highlights a stark divergence in the tech market driven by AI: semiconductor stocks are surging while SaaS stocks plummet. On April 23, Texas Instruments saw its best single-day performance since 2000, with Q1 revenue up 19% and data center revenue surging 90%. Intel also reported blowout results, with revenue far exceeding expectations and its stock rising over 20% after hours. The semiconductor ETF (SMH) is up nearly 28% this year. In contrast, SaaS companies like ServiceNow and IBM experienced historic declines, with ServiceNow dropping 18% despite beating earnings estimates. The software ETF (IGV) has entered a technical bear market, losing about $2 trillion in market cap. The trend, dubbed "SaaSpocalypse," reflects fears that AI agents could reduce the need for software licenses and enable companies to build internal tools instead of relying on SaaS subscriptions. The market is rotating capital from software to semiconductors, betting on AI infrastructure as a safer play. Chip stocks now trade at high valuations—Texas Instruments at a P/E over 50, Intel at 120 times forward earnings—pricing in years of growth. However, this depends on continued massive AI capital expenditure from tech giants. If spending slows, the trend could reverse. For now, the divide persists: chips celebrate, SaaS struggles.

marsbitHá 17m

Chip Stocks Hit Record Highs Since 2000, SaaS Stocks Fall to Yearly Lows: Two Worlds Under the AI Divide

marsbitHá 17m

From Robinhood to Polymarket: Is the Era of Integrating All Assets on a Single Platform Coming?

From Robinhood to Polymarket: The Era of All-in-One Asset Platforms Is Coming Asset classes are rapidly converging. Platforms that once specialized in single categories—such as stocks, cryptocurrencies, or prediction markets—are now moving toward offering all three. Robinhood pioneered this model, starting with equities, adding crypto in 2018, and prediction markets in 2025. This strategy has proven resilient: when crypto revenues fell, other segments like options and stocks filled the gap. Now, prediction market leaders Polymarket and Kalshi are moving in the same direction, both announcing perpetual futures trading on April 21, 2026, pending regulatory approval. These futures will cover assets like Bitcoin, gold, and stocks such as Nvidia. This trend mirrors the consolidation seen in consumer tech, like smartphones replacing dedicated cameras and MP3 players. Younger users, accustomed to interacting with multiple asset types from an early age, will increasingly demand unified platforms. A key competitive advantage in prediction markets is collateral utilization—idle assets locked during betting periods. Polymarket’s move into perpetuals may be a strategy to generate yield from that capital, similar to earlier DeFi integrations like PolyAave. As the regulatory landscape evolves, traditional finance is also likely to incorporate crypto and prediction markets, further accelerating this convergence.

marsbitHá 17m

From Robinhood to Polymarket: Is the Era of Integrating All Assets on a Single Platform Coming?

marsbitHá 17m

OpenAI Goes Left, DeepSeek Goes Right

On April 24, 2026, DeepSeek released V4, a Chinese large language model offering a free "million-token context window," enabling it to process vast amounts of data like entire books or years of corporate documents in one go. In contrast, OpenAI’s GPT-5.5, released around the same time, is more powerful but significantly more expensive, charging up to $180 per million output tokens. DeepSeek’s strategy represents a shift from a pure AI research firm to a heavy-infrastructure player, building data centers in Inner Mongolia’s Ulanqab to bypass U.S. chip export restrictions. This move, supported by Huawei’s Ascend chips and China’s cheap green electricity, highlights a fundamental divergence in AI development models: U.S. firms focus on high-cost, high-margin services, while Chinese players like DeepSeek prioritize accessibility and affordability. Facing intense talent poaching from tech giants, DeepSeek is seeking a $44 billion valuation funding round to retain researchers and scale infrastructure. Meanwhile, Chinese manufacturers are compressing AI models to run on smartphones, making AI accessible offline and across the Global South. Through open-source models and localized solutions, Chinese AI is empowering non-English speakers and low-income users, driving a form of "digital equality." While Silicon Valley builds walled gardens, DeepSeek and others are turning AI into a public utility—like tap water—flowing freely to those previously left behind.

marsbitHá 43m

OpenAI Goes Left, DeepSeek Goes Right

marsbitHá 43m

Sam Bankman-Fried Backs Off New Trial Request, Keeps Pressure On Judge Removal

Sam Bankman-Fried has withdrawn his request for a new trial, stating he does not expect a fair hearing from Judge Lewis Kaplan, who oversees his criminal case. He withdrew the motion without prejudice, meaning he can refile it after his appeal and a separate request to remove Kaplan from the case are resolved. Bankman-Fried is serving a 25-year sentence for fraud related to the collapse of FTX. The withdrawal followed a court-ordered inquiry into whether he had legal help drafting an earlier filing, which he denied. His efforts to replace the judge and appeal his conviction continue. Outside court, he has sought a pardon, but former President Trump has indicated he will not grant one.

bitcoinistHá 1h

Sam Bankman-Fried Backs Off New Trial Request, Keeps Pressure On Judge Removal

bitcoinistHá 1h

$292 Million KelpDAO Cross-Chain Bridge Hack: Who Should Foot the Bill?

On April 18, 2026, an attacker stole 116,500 rsETH (worth ~$292M) from KelpDAO’s cross-chain bridge in 46 minutes—the largest DeFi exploit of 2026. The stolen assets were deposited into Aave V3 as collateral, causing $177–200M in bad debt and triggering a cascade of losses across nine DeFi protocols. Aave’s TVL dropped by ~$6B overnight. This legal analysis argues that KelpDAO and LayerZero Labs share concurrent liability, with fault apportioned 60%/40%. KelpDAO negligently configured its bridge with a 1-of-1 decentralized verifier network (DVN)—a single point of failure—despite LayerZero’s explicit recommendation of a 2-of-3 setup. LayerZero, which operated the compromised DVN, failed to secure its RPC infrastructure against a known poisoning attack vector. Both protocols’ terms of service cap liability at $200 (KelpDAO) or $50 (LayerZero), but these limits are likely unenforceable due to unconscionability, gross negligence exceptions, and potential securities law invalidation (if rsETH is deemed a security under the Howey test). Aave’s governance also faces fiduciary duty claims for raising rsETH’s loan-to-value ratio to 93%—far above competitors’ 72–75%—without adequately assessing bridge risks, amplifying the systemic fallout. Practical recovery targets include LayerZero Labs (a registered Canadian entity), KelpDAO’s founders, auditors, and identifiable Aave governance delegates. The incident underscores escalating legal risks for DeFi protocols, infrastructure providers, and governance participants.

marsbitHá 1h

$292 Million KelpDAO Cross-Chain Bridge Hack: Who Should Foot the Bill?

marsbitHá 1h

Trading

Spot
Futuros
活动图片

Categorias popularesright-arrow

Etiquetas Popularesright-arrow