Address Poisoning Scams Drain $62M From Ethereum Users in Two Months

• Address poisoning scams erased $62 million after users copied wallet addresses without full verification during routine transfers.

• Lower Ethereum fees enabled mass dust attacks making address poisoning cheap, scalable and harder to detect across the network.

• Signature phishing surged in January causing over $6 million in losses through routine token approval actions.

Ethereum wallet security risks intensified over December and January after two routine transfer mistakes erased $62 million in crypto assets. Blockchain security trackers tied both losses to address poisoning schemes. These scams exploit everyday wallet habits rather than protocol flaws. As transaction fees dropped, simple user actions started carrying much higher financial risk.

Someone lost $12.25M in January by copying the wrong address from their transaction history. In December, another victim lost $50M the same way.

Two victims. $62M gone.

Signature phishing also surged — $6.27M stolen across 4,741 victims (+207% vs Dec).

Top cases:
· $3.02M —… pic.twitter.com/7D5ynInRrb

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) February 8, 2026

The incidents highlight a growing threat for Ethereum users. Copying addresses without full verification now leads to irreversible losses. Moreover, attackers rely on speed and repetition instead of complex technical exploits. As a result, operational mistakes now rank among Ethereum’s biggest security risks.

Copy Habits Trigger Massive Losses

In December 2025, a user lost about $50 million after copying a fake address from transaction history. The address closely resembled a previously used destination. Consequently, funds moved directly to an attacker controlled wallet.

In January 2026, another user lost roughly $12.25 million, equal to about 4,556 ETH at the time. This transfer followed the same pattern as the earlier incident. Both cases relied on users reusing addresses from past activity without full checks.

These losses show how routine habits expose wallets to major risks. Users often prioritize speed during transfers. However, attackers now depend on that behavior to succeed.

How Address Poisoning Works at Scale

Address poisoning uses vanity addresses designed to resemble real wallet strings. Attackers monitor transactions and identify frequent senders. They then send tiny dust transfers to those wallets.

These near zero value transactions insert fake addresses into transaction histories. Later, copied addresses redirect funds to scammers. As Ethereum fees fell after the Fusaka upgrade, this method became cheap to deploy.

Millions of dust transactions now hit the network daily. Many serve no purpose beyond preparing future thefts. Consequently, address poisoning expanded rapidly across Ethereum. Earlier last year, the EOS blockchain was under attack by malicious actors using an address-poisoning scheme.

Network Data Distortion and Organized Campaigns

Security researchers report that poisoning activity now distorts Ethereum usage data. Rising transaction counts increasingly reflect spam rather than genuine demand. This shift complicates network analysis.

Coin Metrics reviewed 227 million stablecoin balance updates between November and January. The firm found 38% of updates carried values below one cent. This pattern strongly points to poisoning deposits.

Today, stablecoin dust accounts for 11% of Ethereum transactions on average days. It also represents 26% of active addresses. Investigations link many campaigns to organized groups reusing infrastructure across thousands of wallets.

Signature Phishing Adds to Losses

Alongside poisoning, signature based phishing increased sharply in January. ScamSniffer recorded $6.27 million stolen across 4,741 victims during the month. This marked a 207% increase compared with December. Additionally, WLFI also confirmed that attackers accessed some user wallets through phishing and third-party lapses before its platform launched in November.

Two wallets alone caused about 65% of total losses. Major cases included $3.02 million stolen from SLVon and XAUt tokens. Another $1.08 million came from aEthLBTC through malicious approvals. These scams rely on routine looking transaction prompts. Once approved, attackers gain long term token access.