{"id":21560,"date":"2026-02-09T05:16:03","date_gmt":"2026-02-09T05:16:03","guid":{"rendered":"https:\/\/bitunikey.com\/news\/ethereum-address-poisoning-crypto-users-62m-in-two-months-scamsniffer\/"},"modified":"2026-02-09T05:16:22","modified_gmt":"2026-02-09T05:16:22","slug":"ethereum-address-poisoning-crypto-users-62m-in-two-months-scamsniffer","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/ethereum-address-poisoning-crypto-users-62m-in-two-months-scamsniffer\/","title":{"rendered":"Ethereum address poisoning costs crypto users $62M in two months: ScamSniffer"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Two routine copy-and-paste actions erased $62 million in crypto over December and January, exposing how basic wallet habits are becoming one of Ethereum\u2019s biggest security risks.<\/p>\n<div id=\"cn-block-summary-block_e3751eee2ea98a02d5d64b48e34bf2d5\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Two victims lost $62M after copying fake wallet addresses.<\/li>\n<li>Signature phishing also jumped sharply in January.<\/li>\n<li>Low fees have made large-scale scam campaigns cheaper to run.<\/li>\n<\/ul><\/div>\n<\/div>\n<p>ScamSniffer said in a post on X on Feb. 8 that one victim lost about $50 million in December 2025 after sending funds to a fake address copied from transaction history. In January 2026, another user lost roughly $12.25 million, equal to about 4,556 ETH at the time, through the same mistake.<\/p>\n<p>\u201cTwo victims. 
$62M gone,\u201d the firm wrote.<\/p>\n<p>Both <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/realscamsniffer\/status\/2020343088523407836?s=46&amp;t=nznXkss3debX8JIhNzHmzw\">incidents<\/a> followed the same pattern. Funds were sent to look-alike addresses that had been quietly planted inside the victims\u2019 recent activity records.<\/p>\n<h2 class=\"wp-block-heading\">How address poisoning became easier to deploy<\/h2>\n<p>Address poisoning works by exploiting how most users interact with their wallets.<\/p>\n<p>Attackers monitor transactions, generate vanity addresses that resemble real ones, and send tiny \u201cdust\u201d transfers to potential targets. These near-zero transactions place the fake addresses into transaction histories.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Someone lost $12.25M in January by copying the wrong address from their transaction history. In December, another victim lost $50M the same way.<\/p>\n<p>Two victims. 
$62M gone.<\/p>\n<p>Signature phishing also surged \u2014 $6.27M stolen across 4,741 victims (+207% vs Dec).<\/p>\n<p>Top cases:<br \/>\u00b7 $3.02M \u2014\u2026 <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/t.co\/7D5ynInRrb\">pic.twitter.com\/7D5ynInRrb<\/a><\/p>\n<p>\u2014 Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/realScamSniffer\/status\/2020343088523407836?ref_src=twsrc%5Etfw\">February 8, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>Later, when users copy an address from past activity instead of verifying the full string, money is sent directly to the scammer.<\/p>\n<p>Security firms say this tactic has expanded rapidly since Ethereum\u2019s (ETH) Fusaka upgrade in late 2025 lowered transaction fees. What was once expensive to run at scale has become cheap and efficient.<\/p>\n<p>Millions of dust transactions are now being sent daily, according to blockchain security researchers. Many are designed only to prepare future thefts.<\/p>\n<p>This activity has also distorted network data. Rising transaction counts and active wallet numbers increasingly include spam rather than genuine usage, making it harder to separate real demand from noise.<\/p>\n<p>Several recent investigations have linked address poisoning campaigns to organized groups that recycle the same infrastructure across thousands of wallets.<\/p>\n<h2 class=\"wp-block-heading\">Signature phishing adds pressure as losses climb<\/h2>\n<p>Alongside address poisoning, ScamSniffer recorded a sharp rise in signature-based phishing in January.<\/p>\n<p>The firm reported $6.27 million in losses across 4,741 victims during the month, up 207% from December in value terms. 
Two wallets were responsible for about 65% of the total damage.<\/p>\n<p>The largest cases included $3.02 million stolen from SLVon and XAUt tokens through malicious permit and increaseAllowance approvals, and $1.08 million taken from aEthLBTC using similar techniques.<\/p>\n<p>These attacks rely on deceptive transaction prompts that appear routine. Once users sign them, scammers gain long-term access to tokens and can drain funds without further approval.<\/p>\n<p>Security analysts say these schemes succeed because they target habits formed during everyday trading, not technical weaknesses in protocols.<\/p>\n<p>\u201cMost victims are not careless,\u201d one researcher said privately. \u201cThey are doing what they\u2019ve done hundreds of times before.\u201d<\/p>\n<p>ScamSniffer and other firms have urged users to avoid copying addresses from transaction history, verify full wallet strings manually, and use saved contacts for frequent transfers.<\/p>\n<p>As transaction costs stay low and automation improves, analysts expect address poisoning and signature phishing to remain persistent threats. Until better tools and habits take hold, basic operational mistakes are likely to keep producing outsized losses.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Two routine copy-and-paste actions erased $62 million in crypto over December and January, exposing how basic wallet habits are becoming one of Ethereum\u2019s biggest security risks. 
Summary Two victims lost&hellip;<\/p>\n","protected":false},"author":1,"featured_media":614,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-21560","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/21560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=21560"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/21560\/revisions"}],"predecessor-version":[{"id":21561,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/21560\/revisions\/21561"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/614"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=21560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=21560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=21560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}