Key Takeaways
- The Fusaka upgrade sharply reduced Ethereum transaction costs, helping trigger a major rise in address-poisoning scams.
- Attackers now flood transaction histories with lookalike wallet addresses, turning a single copy-paste error into a multimillion-dollar loss.
- Recent cases involving $50 million, $24 million, and $12 million thefts have pushed confirmed losses beyond $80 million.
Ethereum’s latest scam wave doesn’t rely on sophisticated hacking. It relies on something much simpler: one careless copy-paste.
Address-poisoning attacks have become one of the fastest-growing threats on the network, turning ordinary wallet activity into a trap.
The scam works by planting fake, lookalike addresses into a user’s transaction history, betting that sooner or later someone will copy the wrong one and send funds straight to an attacker.
What was once a relatively niche phishing tactic has now scaled into a high-volume operation.
According to Etherscan, the surge accelerated sharply after Ethereum’s Fusaka upgrade in December 2025 lowered transaction fees and made mass spam transfers cheap enough to industrialize.
Etherscan Sounds the Alarm
Etherscan’s latest warning points to a clear shift: lower fees have made address poisoning dramatically easier to run at scale.
The scam takes advantage of how most wallets and block explorers display only the beginning and end of an address.
Attackers generate vanity addresses that closely resemble legitimate ones a victim has used before.
They then send tiny “dust” transactions, zero-value token transfers, or spoofed events so the fake address appears in the victim’s recent activity.
The goal is simple. If the victim later copies that address from their history without checking it carefully, the funds go to the attacker.
A 2025 study covering July 2022 through June 2024 already documented around 17 million poisoning attempts targeting roughly 1.3 million Ethereum users, with at least $79.3 million in confirmed losses.
The success rate was extremely low — about 0.01% — but that hardly mattered. At scale, one successful hit can pay for thousands of failed attempts.
Why Fusaka Changed the Economics
The real escalation came after the Fusaka upgrade on Dec. 3, 2025.
By slashing fees, the upgrade removed the main cost barrier that had previously limited large spam campaigns.
What used to be too expensive to run aggressively became cheap enough to automate.
In the 90 days after Fusaka, Etherscan found:
- USDT dust transfers of $0.01 or less jumped 612%, from 4.2 million to 29.9 million
- USDC dust transfers rose 473%.
- DAI dust transfers rose 470%.
- ETH dust activity increased 62%.
More broadly, Ethereum’s daily transaction count rose 30%, while the number of new addresses climbed 78%.
Researchers estimate poisoning volume increased by as much as 5.6 times, with losses rising 13 times in comparable periods.
That shift turned address poisoning into a pure volume business.
Bots now watch the chain in real time, spot large or frequent transfers, generate matching lookalike addresses within seconds, and race to insert poisoned entries into transaction histories.
In one case cited by Etherscan, a single user received 89 address-watch alerts in less than 30 minutes after making just two stablecoin transfers.
Daily poisoning attempts now exceed 1 million on Ethereum alone, contributing to record network activity.
By January 2026, daily transactions had crossed 2.8 million.
The Cost of One Mistake
The danger is not theoretical.
Recent months have produced a string of high-value cases that show how expensive one mistake can become.
In December 2025, one trader reportedly lost about $50 million in USDT after copying a poisoned address.
In January 2026, another attack resulted in the theft of 4,556 ETH, worth roughly $12.25 million at the time.
One of the most publicized incidents came in March 2026, when crypto influencer Sillytuna lost around $24 million in aEthUSDC after falling into a classic poisoning trap.
Security firms including PeckShield flagged the theft as attackers quickly moved the funds through intermediary wallets, swapping them into ETH and then into roughly $20 million in DAI.
Taken together, these cases have pushed confirmed losses past $80 million, and that figure likely understates the real damage given the number of incidents that go unreported.
Why the Scam Keeps Working
Part of the scam’s effectiveness comes from design choices meant to make crypto easier to use.
Wallets truncate long addresses for readability. Users rely on recent transaction history to save time. Repeated contacts blur into habit. Attackers exploit all of that.
Address poisoning succeeds not because the underlying blockchain is broken, but because convenience has become part of the attack surface.
As fees fall and automation improves, attackers no longer need to be selective. They can spray spam widely, wait for one mistake, and walk away with a life-changing payout.
How To Protect Yourself: Etherscan’s Official Tips
Awareness and simple habits dramatically reduce risk.
Treat every address copy as a potential trap, leverage Etherscan’s security features, and remember: in crypto, there are no undo buttons. Verify twice, send once.
As blockchain tools improve and fees stay low, expect attackers to keep innovating.
Regular checks on Etherscan’s information center and security alerts remain your best defense in this high-stakes ecosystem.
Prevention is straightforward but requires discipline:
- Always verify the full destination address; never copy-paste from the transaction history. Check every character against your original source.
- Use private name tags and whitelists on Etherscan for frequent contacts; enable the Address Highlight feature to visually flag lookalikes.
- Adopt ENS domains for readable addresses, but use caution against phishing variants.
- Hide zero-value transfers and tokens with poor reputation in settings to reduce noise.
- Cross-check on multiple explorers and watch for Etherscan pop-up warnings on suspicious copies.
- Whitelist addresses in your wallet and avoid unverified tokens.
Etherscan now displays more characters in addresses by default, making spoofing harder. Tools like token ignore lists and reputation checks add extra layers.
Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.
His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.
Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.
