Crypto investor loses $12.5M to address poison attackers - Coinfea

A crypto investor has lost 4,556 ETH to address poisoning scammers. The unlucky cryptocurrency victim lost 4,556 ETH, valued at $12.25 million, to a sophisticated “address poisoning” attack. The incident was reported by the blockchain security platform Scam Sniffer.

Traders are now being warned to never copy addresses from their transaction history due to an increase in address poisoning scams. Overall, there has been a record-breaking surge in crypto theft, including a nearly $50 million loss in December 2025 and over 1 million poisoning attempts being detected every day on the Ethereum network.

Crypto investor suffers address poisoning attack

The victim intended to send funds to a legitimate contact using a pre-saved wallet in their history. However, they unknowingly copied a “poisoned” address, which belonged to the scammer. According to reports, the scammer’s wallet was specifically designed to look like the correct one. Address poisoning attacks take advantage of human error.

The scam also takes advantage of how crypto wallets display addresses for easier viewing. For example, an address might be shown as 0x6D90…2E48. Scammers use powerful software to generate millions of “vanity” addresses until they find one that matches those first and last few characters. Once they have a matching address, they send a tiny amount of crypto or even a transaction with zero value to a user’s wallet.

The transaction then puts the scammer’s address into their recent history. The next time the user attempts to copy that address from their history, they could very easily mistake the scammer’s address for the correct one. Once sent, the money is gone forever because blockchain transactions cannot be reversed. Security experts from companies like Cyvers and Immunefi report that these attacks are now happening at an industrial scale.

In January 2026, Ethereum transactions hit an all-time high of over 2.8 million per day, and analysts from Citi believe a large portion of this activity is caused by scammers sending millions of these “poison” transactions to catch a few unlucky victims. On January 21, 2026, the Saga EVM blockchain had to be paused after a hack drained $7 million.

Earlier in January, the Truebit protocol lost $26.6 million in ETH when an attacker exploited an older security hole in its system, sending the token’s price crashing by nearly 100%. Even larger organizations like the French crypto tax platform called Waltio received a ransom demand from the ShinyHunters hacker group. In 2025 alone, over $17 billion was stolen through various scams. Chainalysis reports that “impersonation scams,” which include address poisoning, grew by a staggering 1,400% compared to the year before.