Two Ethereum users lose $62.2M to lookalike addresses
Scam Sniffer tracked two large address poisoning thefts on Ethereum: $12.2 million in January after a user copied a lookalike address, and $50 million in December in a similar case.
Two Ethereum users lost a combined $62.2 million to address poisoning, according to Scam Sniffer. One victim in January 2026 lost $12.2 million after copying a lookalike address from their transaction history. A similar incident in December 2025 cost another user $50 million.
Address poisoning involves attackers sending tiny dust transfers from addresses designed to resemble ones a target previously used. When a user later copies the wrong address from their history, funds are routed to the attacker’s wallet.
Web3 Antivirus called address poisoning “one of the most consistent ways large amounts of crypto get lost,” noting that historical cases it tracked ranged from $4 million to $126 million. “Recent incidents show this trend isn’t slowing down,” the firm wrote. Researchers added that poisoners often generate full addresses that match the same first and last characters most wallet interfaces display, while the middle differs.
Scam Sniffer also logged a jump in signature phishing in January 2026, identifying 4,741 victims and a 207% increase in losses from December 2025. Two wallets accounted for 65% of those losses. Signature phishing tricks users into signing on-chain prompts such as unlimited token approvals, enabling attackers to move assets later without new permission.
Some researchers have linked the broader rise in dust activity to lower transaction costs on Ethereum after a December 2025 upgrade, which reduced the cost of broadcasting many small transfers.
Coin Metrics estimates that stablecoin-related dust now makes up 11% of all Ethereum transactions and reaches 26% of active addresses on a typical day. Reviewing more than 227 million stablecoin balance updates on Ethereum from November 2025 through January 2026, the firm found that 38% were under one cent, a pattern consistent with wallets receiving tiny poisoning deposits.
Whitestream described DAI as “a preferred stablecoin for illicit actors, serving as a ‘parking place’ for illegally sourced funds.” The firm attributed this to governance that “does not cooperate with authorities in freezing DAI wallets,” referencing recent address poisoning activity.
As we covered previously, crypto losses tied to hacks and scams jumped to about $370.3 million in January, the highest monthly total in roughly 11 months, as attackers leaned more on phishing and social engineering than on purely technical exploits, according to security firm CertiK.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
