Key Takeaways
Imagine watching a large sum of money disappear from your wallet with a single click, only to have the thief play “Robin Hood” and return nearly all of it. This is what happened to a TON whale in March 2026. The scammer stole the money and then returned most of it with a note that read, “Sorry, the money is too much. I know it’s your hard-earned funds.”
There are many things in this story that raise questions, but the most important one is: How could a seasoned investor lose a fortune in seconds? The answer lies in a deceptive tactic known as address poisoning.
Address poisoning played a growing role, with one study identifying more than 270M attempts that targeted 17M wallets and produced confirmed losses exceeding $83M on Ethereum and BNB Chain alone. This article breaks down the whale’s six-figure error and the steps you can take to shield your digital vault.
In early March 2026, the whale was prepared to send 126,000 TON, valued at roughly $220,000 at the time. Little did the whale know that the scammer had earlier sent a transaction from an address that matched the beginning and end characters of a real recipient the whale frequently sent money to.
So, when the whale later opened the recent activity tab and copied what appeared to be a familiar address, the money went directly to the attacker.
Usually, this is where the money is gone forever. However, this fraudster kept 10,000 TON, about $17,000, as “compensation” and gave back the remaining 116,000 TON, or roughly $203,000.
Address poisoning, sometimes referred to as address spoofing or dusting in this context, doesn’t harm wallets or private keys. Instead, it tricks users into approving the wrong transaction themselves.
Scammers use GPU tools to build “vanity” addresses that match the first 4-8 and last 4-6 characters of real addresses users interact with. They then send an insignificant value (typically 0.000001 token or a fake token impersonating USDT) to your wallet, causing the phoney address to appear right next to your regular contacts in the brief preview most wallets provide.
When you’re in a hurry to send rent, pay a contractor, transfer funds between exchanges, or simply repeat the same withdrawal you make every now and then, you can instinctively copy the poisoned address. Unless the fraudster chooses to return it, the money is gone forever.
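A pre-send check built on the pattern described above, as an added example rather than code from this article or from any wallet: it compares a pasted recipient against a saved address book and flags one that matches both ends of a trusted entry without being identical to it. The thresholds, the sample addresses and the function names are assumptions made for illustration.

```python
# Added example: flag a recipient that imitates a trusted address-book entry.
# Thresholds are assumptions taken from the low end of the ranges quoted above.
MIN_PREFIX = 4
MIN_SUFFIX = 4

# Constructed sample addresses (not real wallets), 48 characters each.
TRUSTED = "EQB7xk" + "A" * 38 + "q9Zt"
POISONED = "EQB7xk" + "M" * 38 + "q9Zt"  # same first 6 and last 4 characters
UNRELATED = "EQD" + "f" * 45
BOOK = {"contractor": TRUSTED}


def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading characters a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_recipient(candidate: str, book: dict) -> dict:
    """Classify a pasted recipient as trusted, lookalike or unknown."""
    # An exact match against the saved address book is the only "trusted" result.
    for label, addr in book.items():
        if candidate == addr:
            return {"verdict": "trusted", "label": label}
    # Otherwise, matching both ends of a saved address is the poisoning pattern.
    for label, addr in book.items():
        prefix = shared_prefix_len(candidate, addr)
        suffix = shared_prefix_len(candidate[::-1], addr[::-1])
        if prefix >= MIN_PREFIX and suffix >= MIN_SUFFIX:
            return {"verdict": "lookalike", "label": label,
                    "prefix": prefix, "suffix": suffix}
    return {"verdict": "unknown", "label": None}


if __name__ == "__main__":
    for addr in (TRUSTED, POISONED, UNRELATED):
        print(addr[:6] + "..." + addr[-4:], check_recipient(addr, BOOK))
```

The comparison is case-sensitive and character-exact, which suits base64-style addresses; for hex addresses that differ only in checksum casing, normalise case before calling it.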

To see why even professionals get fooled, observe how simple the trick is:
In the 2024 Ethereum case, one whale nearly lost $68M in WBTC. The attacker returned the principal but pocketed $3 million in price appreciation. The TON event followed the exact same script.

The primary targets are whales with big balances, because one error can net scammers millions of dollars in a single transaction. However, even the most security-conscious traders and holders are at risk.
Just one habit has to be altered to be safe from address poisoning: never trust your transaction history. Other safe tips include:
The TON whale story demonstrates two truths at once: frauds are constantly developing, but human compassion (or fear of on-chain tracing) can still result in partial reimbursements.
With $17B lost to scams in 2025 and address poisoning campaigns at a record high, the risk is no longer “if” but “when” you encounter one.
It is a trick that places fake similar-looking wallet addresses in your transaction history so you copy the wrong one by mistake.
No, it only works if you manually confirm and send the funds yourself; your keys stay safe.
Although you can’t restrict people from sending you crypto, you can prevent scams by never copying addresses from your “Recent Activity” list.
Blockchain has no “undo” button, and attackers rarely return the funds like they did with the TON whale.